Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"

Ryan Dewhurst ethicalhack3r

💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"
View GitHub Profile
View gist:9784512
# PATCH/PUT /submits/1
# PATCH/PUT /submits/1.json
def update
respond_to do |format|
if @submit.status == 'PENDING'
if @submit.update(submit_params)
format.html { redirect_to @submit, notice: 'Submission was successfully updated.' }
format.json { head :no_content }
end
else
View gist:9914033
ryans-mbp-2:ThreadFix_2.0FINAL ryan$ bash threadfix.sh
Looking for a key in /Users/ryan/Downloads/ThreadFix_2.0FINAL/tomcat/keystore
Generated a keystore.
Usage: {start|stop}
ryans-mbp-2:ThreadFix_2.0FINAL ryan$ bash threadfix.sh start
Looking for a key in /Users/ryan/Downloads/ThreadFix_2.0FINAL/tomcat/keystore
Using pre-generated keystore.
mkdir: ./tomcat/logs: File exists
Using CATALINA_BASE: ./tomcat
Using CATALINA_HOME: ./tomcat
View gist:cb06f575c6ba28644e9a
$ ./dnsrecon.py -d jamiehankins.co.uk
[*] Performing General Enumeration of Domain: jamiehankins.co.uk
[-] DNSSEC is not configured for jamiehankins.co.uk
[*] SOA hank.ns.cloudflare.com 173.245.59.116
[*] SOA hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS hank.ns.cloudflare.com 173.245.59.116
[*] NS hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS lucy.ns.cloudflare.com 173.245.58.133
[*] NS lucy.ns.cloudflare.com 2400:cb00:2049:1::adf5:3a85
[*] MX aspmx2.googlemail.com 74.125.143.27
@ethicalhack3r
ethicalhack3r / test.html
Created Sep 18, 2014
Entering version numbers in HTML form
View test.html
<!DOCTYPE html>
<html>
<body>
<input type="text" name="version1" value="1.0">
<select>
<option value="&lt;">&lt;</option>
<option value="&gt;">&gt;</option>
<option value="=">=</option>
@ethicalhack3r
ethicalhack3r / advisory
Created Dec 6, 2014
Satoshi v2.0 - CSRF
View advisory
Theme Name: Satoshi v2.0
Theme URI: http://www.vooshthemes.com
Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme.
Author: Voosh Themes
Author URI: http://www.vooshthemes.com
wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js
Localhost Demo:
View gist:66de53fb6a110f2834b9
http://theantisocialengineer.com/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=AAF49566F17ED862F20934A0501A97C9&r=0.5144356689415872
View post.txt
When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!?
I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us.
And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for
@ethicalhack3r
ethicalhack3r / gist:5982734
Created Jul 12, 2013
The array size decreases on delete, however, the 'internal loop counter' stays the same.
View gist:5982734
a=[1,2,3,4]; a.each_with_index{|e,i| p "Iteration #{i}: delete #{e} - size of array #{a.size}"; a.delete(e) }
"Iteration 0: delete 1 - size of array 4"
"Iteration 1: delete 3 - size of array 3"
=> [2, 4]
@ethicalhack3r
ethicalhack3r / gist:6296321
Created Aug 21, 2013
DOM XSS - Exploitable without user entering/pasting payload?
View gist:6296321
<html>
<head>
<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script>
$(function(){
$( "#button" ).click(function() {
var query = $("form#DevSearch").find('input[type=text]').val();
$("span#searchQuery").html(query);
View gist:6336676
POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1
Host: www.ethicalhack3r.co.uk
User-Agent: BOT/0.1 (BOT for JCE)
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Cookie: 6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743; jce_imgmanager_dir=%2F; __utma=216871948.2116932307.1317632284.1317632284.1317632284.1; __utmb=216871948.1.10.1317632284; __utmc=216871948; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: Close
Proxy-Connection: close
Content-Length: 1337