@inability
inability / execution-through-execution.md
Last active Nov 29, 2018
Using Unix programs to execute other programs

This Gist documents Unix utilities that have options that can be abused to execute other, arbitrary commands. This information can be useful in many scenarios -- the ones that come to mind are abusing certain /etc/sudoers configurations, breaking out of limited shells (e.g. the ones provided in many network devices) and getting RCE in webapps even with restrictive filters in place.

Many of these examples originally came from this blogpost.

This is the script that was used to test these examples:

$ cat test.sh
#!/bin/sh
@inability
inability / shitty-booter.md
Last active Jan 7, 2021
This Gist describes various vulnerabilities in "booter sources".

This Gist describes various vulnerabilities in "booter sources", i.e. source code that is used for the frontends of "booter"/"stresser" services that offer DDoS attacks on demand.

Unknown Booter Source

I'm not sure where this particular source code comes from. I've seen it under the names "vDos Source", "Rage Booter", "Dream Source" and "MHC-Panic Booter Source".

Persistent XSS

There exists a persistent cross-site scripting vulnerability in the admin/manage.php script. When users sign up, they are asked to input an email address. The email is validated with PHP's FILTER_VALIDATE_EMAIL filter, which is lenient about the email addresses it accepts. The manage.php script, when called, displays the user's email without sanitising or filtering it.

View keybase.md

Keybase proof

I hereby claim:

  • I am inability on github.
  • I am knn (https://keybase.io/knn) on keybase.
  • I have a public key whose fingerprint is D2B1 7947 AA48 445C 0DBF 7798 AA46 D518 CB7A 7C14

To claim this, I am signing this object: