Lauritz lauritzh
👨💻
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| Launch: $ php -S 127.0.0.1:1234 | |
| Access via http://localhost:1234/test.php?p=test | |
| --> | |
| <?= header('Content-Type: text/xml'); ?> | |
| aaa | |
| bbb | |
| <?= print_r($_GET['p']); ?> | |
| ccc | |
| ddd |
lauritzh
/ poc.js
Created
May 9, 2023 08:22
OAuth 2.0 / OpenID Connect 1.0 SSO Login CSRF PoC. Authenticates a victim user into an attacker-controlled account at example.com. Requires the target to insecurely implement a Google SSO login using the Authorization Code Grant Type and without any CSRF protection ("state", PKCE).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Headless SSO Login CSRF PoC | |
| // (c) Lauritz Holtmann, 2023 | |
| // | |
| const pt = require('puppeteer') | |
| const express = require('express') | |
| const app = express() | |
| const port = 3000 |
lauritzh
/ download_apks.sh
Created
January 6, 2023 00:12
Ever wanted to obtain an APK from an Android device? You do not need to install fancy Apps for this, ADB and the following minimal Bash script is sufficient to do so. Use the App's bundle identifier as first argument.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: ./download_apks.sh com.example.app | |
| BUNDLE_FILES=$(adb shell pm path "$1") | |
| for file in $BUNDLE_FILES; do | |
| CLEAN=$(echo "$file"|sed 's/[^:]*://') | |
| adb pull "$CLEAN" . | |
| done |
lauritzh
/ vue-csti.php
Created
September 21, 2022 18:41
Vulnerable VueJS 3 Client-Side Template Injection example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| // | |
| // Vue 3 XSS example | |
| // 1. Launch as follows: | |
| // $ php -S 127.0.0.1:1234 | |
| // 2. Access at http://localhost:1234/vue-csti.php?name=you and try to pop an alert! | |
| // | |
| // (c) Lauritz Holtmann | |
| // | |
| --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * (c) Lauritz Holtmann, https://security.lauritz-holtmann.de | |
| * | |
| * Could be for instance launched as follows: | |
| * $ php -S 127.0.0.1:1234 | |
| * $ ngrok http 1234 | |
| * | |
| * Visit https://something.ngrok.io/oidc_dicovery.php | |
| */ |