
Keybase proof

I hereby claim:

  • I am inability on github.
  • I am knn (https://keybase.io/knn) on keybase.
  • I have a public key whose fingerprint is D2B1 7947 AA48 445C 0DBF 7798 AA46 D518 CB7A 7C14

To claim this, I am signing this object:

@inability
inability / execution-through-execution.md
Last active November 29, 2018 13:29
Using Unix programs to execute other programs

This Gist documents Unix utilities that have options that can be abused to execute other, arbitrary commands. This information can be useful in many scenarios -- the ones that come to mind are abusing certain /etc/sudoers configurations, breaking out of limited shells (e.g. the ones provided in many network devices) and getting RCE in webapps even with restrictive filters in place.

Many of these examples originally came from this blogpost.

This is the script that was used to test these examples:

$ cat test.sh
#!/bin/sh
@inability
inability / shitty-booter.md
Last active January 7, 2021 00:37
This Gist describes various vulnerabilities in "booter sources".

This Gist describes various vulnerabilities in "booter sources", i.e. source code that is used for the frontends of "booter"/"stresser" services that offer DDoS attacks on demand.

Unknown Booter Source

I'm not sure where this particular source code comes from. I've seen it under the names "vDos Source", "Rage Booter", "Dream Source" and "MHC-Panic Booter Source".

Persistent XSS

There exists a persistent cross-site scripting vulnerability in the admin/manage.php script. When users sign up, they are asked to input an email address. The email is validated with PHP's FILTER_VALIDATE_EMAIL filter, which is permissive about the addresses it accepts. The manage.php script, when called, displays the user's email without sanitising or encoding it.