Skip to content

Instantly share code, notes, and snippets.

View nikcub's full-sized avatar

Nik Cubrilovic nikcub

122 followers · 12 following
View GitHub Profile
@nikcub
nikcub / disqus-xss.html
Created August 13, 2014 02:20
Disqus for Wordpress v2.7.5 XSS Exploit
<!--
Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5
Blog post explainer: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/
12th August 2014
Nik Cubrilovic - www.nikcub.com
Most of these params are unfiltered/injectable. Not framable on newer Wordpress.
@nikcub
nikcub / cscart-exploit.py
Last active February 25, 2017 03:43
CS-Cart Session Brute Force Exploit
#!/usr/bin/env python
# CS-Cart session brute force exploit for v4.2.0
# see https://www.nikcub.com/posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities/
import sys
import requests
import argparse
import re
import string
import random
@nikcub
nikcub / composer.json
Created May 28, 2014 04:16
composer example
{
"name": "webwall/site",
"require": {
"php": ">=5.3.3",
"silex/silex": "~1.1",
"twig/twig": "1.*",
"symfony/twig-bridge": "*",
"monolog/monolog": "*",
"symfony/monolog-bridge": "*",
"symfony/security": "*",
@nikcub
nikcub / torrc
Last active October 20, 2022 13:29
Tor Relay & Bridge Config
#
# tor relay / bridge config
#
# apt-get install tor
#
# yum install tor (after adding EPEL or similar as a repo)
#
# dump this config file into the default tor config file location (/etc/tor/torrc)
#
# see also: https://www.torproject.org/docs/installguide.html.en
@nikcub
nikcub / satoshi.txt
Last active August 29, 2015 13:57
Newsweek Satoshi Story
Satoshi Nakamoto stands at the end of his sunbaked driveway looking timorous. And annoyed.
He's wearing a rumpled T-shirt, old blue jeans and white gym socks, without shoes, like he has left the house in a hurry. His hair is unkempt, and he has the thousand-mile stare of someone who has gone weeks without sleep.
He stands not with defiance, but with the slackness of a person who has waged battle for a long time and now faces a grave loss.
Two police officers from the Temple City, Calif., sheriff's department flank him, looking puzzled. "So, what is it you want to ask this man about?" one of them asks me. "He thinks if he talks to you he's going to get into trouble."
"I don't think he's in any trouble," I say. "I would like to ask him about Bitcoin. This man is Satoshi Nakamoto."
@nikcub
nikcub / gist:7767735
Created December 3, 2013 11:33
vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day
vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day
#Category: web application
#Type: SQL Injection
#Requirements: Firefox/Live HTTP Headers/
#Dork: Powered by vBulletin™ Version 5.0.0 Beta (or) Use ur Brain you'll get more o_O
Step 1
Create an Account on vBulletin forum Verify the account and Activate it
@nikcub
nikcub / nikcub.key
Created October 9, 2013 04:45
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - https://gpgtools.org
mQMuBFJU3swRCADbRVdSEXGq7+TfRZG5N0WML4g0BJUSk92Yvm9hbLZBG4QZ90Ud
cr5TrM2gclOq5KL3DeSBqgX8d3o67d6fkIAAu70BObg2LcammEFUIxRPpkYgtnBr
MMJByXxUVE3ZX3z2Uc/8LHjYLSRJvzsVImLa85sNpNB58GVeTbqFdVYohOunsjpO
2vNlNK3yVBwqqi/stq+9cDexDkr4WXeBtuc0AiROF3Ar1KYeRyGB8nzXQfOFxr8q
xe7KQ89Sf9O8kf1ktlCNnb0MmTPPAMvM6hnWRtJuOxynM3AZyiOJqN+hod0QsN6y
twnLc6ZJ8jADCd0XFo0k7m3bTNHs5MiKXC+rAQChIlwunQqEXdlqUeT7xRNiseeb
@nikcub
nikcub / gist:5323021
Last active December 15, 2015 20:59 
repost of my comment on Facebook here: https://www.facebook.com/lisapadilla/posts/627211503961250?comment_id=7377112&offset=0&total_comments=45

for those that don't have permission to view it.

I'll go on the record in this thread to say that I lived in the same house as Arrington for the entire time he dated Jenn. I never once saw even a hint of physical abuse, let alone rape or any of the other things that have been suggested. He broke off the relationship and she was extremely attached to him and jealous of his new relationships. I have screen shots of previous Facebook posts Jenn has made where she has aired dirty laundry. She deleted at least one of those messages. Every time I have spoken to and caught up with Mike in the past few years he has mentioned the ongoing problem he has with her. I won't go into the details of what he told me, but I will say that I am very very skeptical of the post she made. Infact, when she made the post I immediately took a screenshot of it and emailed it to mike w

@nikcub
nikcub / gist:4696417
Created February 2, 2013 07:20
Twitter revoke all OAuth
go to settings > applications and paste the following javascript into your browser console or the address bar:
javascript:var a=document.querySelectorAll('button.revoke');for(var i=0, len=a.length; i<len; i++) { if(a[i].innerHTML=="Revoke access"){a[i].click();};
that will automatically click 'revoke' for all the applications
not that some browsers, such as chrome, will remove the 'javascript:' part if you paste it in, just type it back in and press enter. leave the browser open for 15-20 seconds and then refresh
@nikcub
nikcub / gist:4696395
Last active December 12, 2015 02:08
remove all twitter oauth
<h3>Step 1</h3>
<p>Visit the Twitter settings page for OAuth applications by going to Settings > Applications or https://twitter.com/settings/applications</p>
<p>Paste the following Javascript into your browser URL bar and hit enter</p>
<pre>javascript:var a=document.querySelectorAll('button.revoke');for(var i=0, len=a.length; i<len; i++) { if(a[i].innerHTML=="Revoke access"){a[i].click();};</pre>
<p>Note: Some browsers, such as 'chrome' will remove the javascript: part of that URL when you paste it in. Just type it back in.</p>