XML-RPC methods exposed:
- system.multicall
- system.methodSignature
- system.getCapabilities
- system.listMethods
- system.methodHelp
Request template:
<?xml version="1.0"?>
<head>
<!-- Big up to https://portswigger.net/web-security/clickjacking labs :) -->
<style>
.target_website {
position:relative;
width:800px;
height:400px;
/* Set opacity to 0.5 to see the overlay while preparing the attack */
/* Set opacity to 0.00001 to make the target frame transparent and bypass some browser protections on opacity, such as the one in Chrome */
/* See https://www.w3schools.com/css/css_image_transparency.asp */
# Simple dirty script to fuzz a SOAP request using the Burp Sniper approach:
# See https://portswigger.net/burp/documentation/desktop/tools/intruder/positions
# Dependencies:
# pip install lxml requests_ntlm requests tabulate tqdm
import requests
import urllib3
from requests_ntlm import HttpNtlmAuth
from lxml import etree as ET
from tabulate import tabulate
from hashlib import sha1
# The situation is the following:
# You enter ab in a feature and it returns data, but when you enter ab' it indicates that no data was found.
#
# So, does it mean that there is no SQLi because ab' is handled correctly, OR is the error caught
# and a "no data found" message returned?
#
# The goal here is to submit a payload that, if interpreted by the SQL DB, evaluates to ab so that data is returned,
# which indicates that there is a SQLi because the payload is interpreted.
ab';# | |
ab';-- |
#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
Script to verify, for a set of CVEs, whether MITRE has released them
and whether a link to the security advisory on the CVE owner's site has been added.
Dependencies: pip install requests
"""
import requests
import collections
import requests
import colorama
import os
import git
import argparse
import shutil
import json
from git import Repo
from termcolor import colored
adb shell pm list packages
adb shell pm path [PACKAGE_NAME]
adb pull [PACKAGE_PATH]