Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

View jorgectf's full-sized avatar
🎯
Focusing

Jorge jorgectf

🎯
Focusing
View GitHub Profile
@strellic
strellic / font.js
Created October 24, 2021 18:15
AF2 exploit
const js2xmlparser = require('js2xmlparser');
const fs = require('fs');
const tmp = require('tmp');
const rimraf = require('rimraf');
const child_process = require('child_process');
function createFont(prefix, name, charsToLigature) {
let font = {
"defs": {
"font": {
@pwntester
pwntester / ssti.ql
Created May 22, 2020 15:36
SSTI QL query
/**
* @name SSTI
* @kind path-problem
* @id java/ssti
*/
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import DataFlow
@mccabe615
mccabe615 / phpdangerousfuncs.md
Last active April 21, 2024 17:04
Dangerous PHP Functions

Command Execution

exec           - Returns last line of commands output
passthru       - Passes commands output directly to the browser
system         - Passes commands output directly to the browser and returns last line
shell_exec     - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen          - Opens read or write pipe to process of a command
proc_open      - Similar to popen() but greater degree of control
pcntl_exec - Executes a program