@leesh3288
leesh3288 / vm2_3.9.16_sandbox_escape.md
Last active March 18, 2025 19:33
Sandbox Escape in vm2@3.9.16

Summary

There exists a vulnerability in the exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException(), which can be used to escape the sandbox and run arbitrary code in the host context.

Proof of Concept

@leesh3288
leesh3288 / vm2_3.9.15_sandbox_escape.md
Last active September 17, 2025 09:19
Sandbox Escape in vm2@3.9.15

Summary

There exists a vulnerability in the source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions, which can be used to escape the sandbox and run arbitrary code in the host context.

Proof of Concept

#!/usr/bin/python3
# Exploit Title: fuelCMS 1.4.1 - Remote Code Execution
# Date: 2019-07-19
# Exploit Author: 0xd0ff9
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu - Apache2 - php5
# CVE : CVE-2018-16763
@mossmann
mossmann / whatlurksbelow.md
Last active March 30, 2025 19:52
CTF Writeup: Google CTF 2020 "What Lurks Below"

What Lurks Below

Challenge Description

"This one seems to be straight forward, but there is no flag to be found! Sample rate = 1024k"

challenge.cfile

Decoding ASK

@y0ngb1n
y0ngb1n / docker-registry-mirrors.md
Last active October 15, 2025 15:17
Docker Hub mirror accelerators in mainland China: mirror acceleration services provided by Chinese educational institutions and the major cloud providers | Dockerized practice https://github.com/y0ngb1n/dockerized
@mgeeky
mgeeky / cve-2018-10993.py
Created December 4, 2018 00:55
CVE-2018-10993 libSSH authentication bypass exploit
#!/usr/bin/python3
#
# CVE-2018-10993 libSSH authentication bypass exploit
#
# The libSSH library has flawed authentication/connection state-machine.
# Upon receiving from connecting client the MSG_USERAUTH_SUCCESS Message
# (as described in RFC4252, sec. 5.1.) which is an authentication response message
# that should be returned by the server itself (not accepted from client)
# the libSSH switches to successful post-authentication state. In such state,
@aseering
aseering / ntlmdecoder.py
Last active March 12, 2025 11:27
NTLM auth-string decoder
#!/usr/bin/env python
## Decodes NTLM "Authenticate" HTTP-Header blobs.
## Reads the raw blob from stdin; prints out the contained metadata.
## Supports (auto-detects) Type 1, Type 2, and Type 3 messages.
## Based on the excellent protocol description from:
## <http://davenport.sourceforge.net/ntlm.html>
## with additional detail subsequently added from the official protocol spec:
## <http://msdn.microsoft.com/en-us/library/cc236621.aspx>
##
@SaswatPadhi
SaswatPadhi / polyglot.pl.php.py.rb.cpp
Created June 5, 2012 03:33 — forked from wakhub/polyglot.pl.php.py.rb
PHP + Perl + Python + Ruby + C + C++ - polyglot
#/*<?php eval('echo "PHP Code\n";'); __halt_compiler();?> */
#include <stdio.h> /*
print ((("b" + "0" == 0) and eval('"Perl Code\n"')) or (0 and "Ruby Code\n" or "Python Code"));
__DATA__ = 1
"""""
__END__