win3zz

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

leesh3288

Sandbox Escape in vm2@3.9.19 via custom inspect function

Summary

In vm2 for versions up to 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code.

Proof of Concept

leesh3288

Sandbox Escape in vm2@3.9.19 via Promise[@@species]

Summary

In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with @@species accessor property allowing attackers to escape the sandbox and run arbitrary code.

Proof of Concept

bingzhangdai

How-to

1. On Host(PVE), edit /etc/pve/qemu-server/VMID.conf

args: -fsdev local,security_model=mapped,id=fsdev0,path=/path/to/share -device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=hostshare

This tells qemu to create a 9pvirtio device exposing the mount_tag hostshare (just a name to identify the mount point). That device is coupled to an fsdev named fsdev0, which specifies which portion of the host filesystem we are sharing, and in which mode.

fnmsd

//Author:fnmsd
//Blog:https://blog.csdn.net/fnmsd
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Field;
import java.util.HashSet;
import java.util.Scanner;

public class a {

LoadLow

This is based on https://hugeh0ge.github.io/2019/11/04/Getting-Arbitrary-Code-Execution-from-fopen-s-2nd-Argument/

Credits: @hugeh0ge

It uses iconv, in php, in order to execute the same payload.

Uses cases :

• You control the first parameter of iconv (in_charset), you can set an env var and you can upload arbitrary files (.so library file and the gconv-modules file) and you know their path.
• You have a php RCE but system, shell_exec, curl_exec and other functions are disabled but you can setenv (and LD_PRELOAD is blacklisted).

y0ngb1n

Docker Hub 镜像加速器

国内从 Docker Hub 拉取镜像有时会遇到困难，此时可以配置镜像加速器。

Dockerized 实践 https://github.com/y0ngb1n/dockerized

Docker daemon 配置代理

参考 Docker daemon 配置代理

MightyPork

/**
 * USB HID Keyboard scan codes as per USB spec 1.11
 * plus some additional codes
 * 
 * Created by MightyPork, 2016
 * Public domain
 * 
 * Adapted from:
 * https://source.android.com/devices/input/keyboard-devices.html
 */

wofeiwo

<?php
/**
 * PHP 5.3.3+ FASTCGI jailbreak
 *
 * @author      wofeiwo <wofeiwo#80sec.com>
 * @date        2013-01-23 
 * @version     1.0
 * @reference   https://bugs.php.net/bug.php?id=64103 
 * @reference   http://www.wooyun.org/bugs/wooyun-2013-018116 (Chinese)
 * @note        disable php security settings, but can't overwrite disable_function/disable_classes.