国内从 Docker Hub 拉取镜像有时会遇到困难,此时可以配置镜像加速器。
Dockerized 实践 https://github.com/y0ngb1n/dockerized
<?php | |
/** | |
* PHP 5.3.3+ FASTCGI jailbreak | |
* | |
* @author wofeiwo <wofeiwo#80sec.com> | |
* @date 2013-01-23 | |
* @version 1.0 | |
* @reference https://bugs.php.net/bug.php?id=64103 | |
* @reference http://www.wooyun.org/bugs/wooyun-2013-018116 (Chinese) | |
* @note disable php security settings, but can't overwrite disable_function/disable_classes. |
/** | |
* USB HID Keyboard scan codes as per USB spec 1.11 | |
* plus some additional codes | |
* | |
* Created by MightyPork, 2016 | |
* Public domain | |
* | |
* Adapted from: | |
* https://source.android.com/devices/input/keyboard-devices.html | |
*/ |
国内从 Docker Hub 拉取镜像有时会遇到困难,此时可以配置镜像加速器。
Dockerized 实践 https://github.com/y0ngb1n/dockerized
This is based on https://hugeh0ge.github.io/2019/11/04/Getting-Arbitrary-Code-Execution-from-fopen-s-2nd-Argument/
Credits: @hugeh0ge
It uses iconv
, in php, in order to execute the same payload.
Uses cases :
iconv
(in_charset), you can set an env var and you can upload arbitrary files (.so
library file and the gconv-modules
file) and you know their path.system
, shell_exec
, curl_exec
and other functions are disabled but you can setenv
(and LD_PRELOAD
is blacklisted).//Author:fnmsd | |
//Blog:https://blog.csdn.net/fnmsd | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import java.lang.reflect.Field; | |
import java.util.HashSet; | |
import java.util.Scanner; | |
public class a { |
/etc/pve/qemu-server/VMID.conf
args: -fsdev local,security_model=mapped,id=fsdev0,path=/path/to/share -device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=hostshare
This tells qemu to create a 9pvirtio device exposing the mount_tag hostshare
(just a name to identify the mount point). That device is coupled to an fsdev named fsdev0, which specifies which portion of the host filesystem we are sharing, and in which mode.
As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.
(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))
**1.