Skip to content

Instantly share code, notes, and snippets.

View ninj4c0d3r's full-sized avatar
:shipit:

Jonatas ninj4c0d3r

:shipit:
98 followers · 31 following
View GitHub Profile
@ninj4c0d3r
ninj4c0d3r / ocomon-rce.md
Created May 9, 2023 18:00

OcoMon < 4.0.1 - File Inclusion allow Remote Code Execution

Description

The vulnerability allows an authenticated user to change the language setting by passing a valid file path, the code will include the file and in some environments will execute malicious code.

Bug - 1

The vulnerability occurs because the function TRANS not validate and not sanitize user data entry.

@ninj4c0d3r
ninj4c0d3r / ocomon-cvee.md
Created May 9, 2023 17:43

OcoMon < 4.0.1 - User enumeration

Description

The vulnerability allows the attacker to obtain information such as Email, Username of the OcoMon users.

Bug - 1

The vulnerability occurs because the users-grid-data.php file does not validate authentication/session.

@ninj4c0d3r
ninj4c0d3r / CVE-2020-23648.md
Last active October 19, 2022 15:16
ASUS RT-N12E - Account Takeover [CVE-2020-23648]

ASUS RT-N12E - Account Takeover [CVE-2020-23648]

Descriptions

Asus RT-N12E is affected by an incorrect access control vulnerability, through system.asp/start_apply.htm an attacker can change the administrator password without any authentication.

Vulnerability

The vulnerability was exploited using the curl:

@ninj4c0d3r
ninj4c0d3r / ocomon-account-takeover.md
Last active October 19, 2022 15:08
CVE-2022-40798 - OcoMon Account Takeover

OcoMon < 4.0RC1 - Account Takeover [CVE-2022-40798]

Description

Through password recovery its possible to obtain a token to reset password of any user.

Bug - 1

The vulnerability occurs because the application validates the email in database and returns the real email to the user.

@ninj4c0d3r
ninj4c0d3r / huectf-quack.md
Last active December 21, 2017 11:59
HueCTF - Quack [Web150] Write-up

HueCTF - Quack [Write-Up]

https://ctf.devechio.com/flag.php?evento=24

A0-Logo

Introdução

Ao abrir o link do desafio obtemos uma página com um vídeo do SimpsonWave tocando de fundo e um espaço para pesquisar, também pode se notar no titulo da página "PatoPatoVai" que traduzindo para o inglês temos DuckDuckGo que é um motor de busca muito conhecido na internet.

@ninj4c0d3r
ninj4c0d3r / hackaflag-crypto100.py
Created November 16, 2017 19:39
#!/usr/bin/python
# Hackaflag 2017 Etapa NATAL Crypto100 [Write-Up]
# Jonatas Fil - Dark00x1n [RATF]
# RSA-768
# https://en.wikipedia.org/wiki/RSA_Factoring_Challenge
# https://en.wikipedia.org/wiki/RSA_numbers#RSA-768
import gmpy
# Modulo