Rory M roddux

## vr-rev-jobs.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                roddux
                / vr-rev-jobs.md
            
            
              Last active
              December 1, 2023 20:49
                — forked from iamavu/vr-rev-jobs.md
            
              
                Companies that offer Vulnerability Researcher positions
              
          
    Vulnerability Researcher Jobs

This list takes no ethical standpoint on any of the companies listed below; it is simply a list of companies hiring for vulnerability researcher positions.

  
   Name
   
   Link

  
## perfpricegb.js
// https://uk.pcpartpicker.com/products/memory/#page=1
// Visit site, run script in console / greasemonkey / etc

var max_perf  = 3200 / 17;    // reasonable
var max_value = max_perf / 6; //  defaults

// TODO:
// - look at all items then pick best, don't use defaults
// - resort the list based on best values

## f5scan.sh
#!/usr/bin/env bash
# usage: ./f5scan.sh <CIDR 1> <CIDR 2>
# requires: xargs, curl, nmap, awk
TIMEOUT=1
THREADS=20

scan() {
	URL=$1
	echo "CHECK: $URL"
	res=$(curl -skm$TIMEOUT $URL -w'%{http_code}' -o/dev/null)

## no-multicall.patch
diff --git a/wp-includes/IXR/class-IXR-server.php b/wp-includes/IXR/class-IXR-server.php
index 9702ba2..5437ce8 100644
--- a/wp-includes/IXR/class-IXR-server.php
+++ b/wp-includes/IXR/class-IXR-server.php
@@ -92,6 +92,7 @@ EOD;

     function call($methodname, $args)
     {
+        unset($this->callbacks["system.multicall"]);
         if (!$this->hasMethod($methodname)) {

## Concrete5 8.5.1 printf-debugging patch
diff -r concrete5-8.5.1/concrete/controllers/backend/file/folder.php html/concrete/controllers/backend/file/folder.php
18a19
> 	    echo "<!-- add folder woo -->\n";
diff -r concrete5-8.5.1/concrete/src/Http/DefaultDispatcher.php html/concrete/src/Http/DefaultDispatcher.php
106a107
> 	   echo "<!-- handleDispatch: " . $request->getRequestUri() . "-->\n";
109c110,111
<             $route = $this->router->matchRoute($request)->getRoute();
---
> 		$route = $this->router->matchRoute($request)->getRoute();

## freezer.js
var _variables = {};
var _varCount = 1;
var _functions = [];
var _funcCount = 1;
var _dvarCount = 0;

var rc = (x)=>x[Math.floor(Math.random() * x.length)];

function pick(X, recurseLevel) {
	if (recurseLevel >= 5) return "'ZZ'"

## fuck^H^Hzz.js
// Inspiration: @5aelo, @_tsuro, @ifsecure, @bkth_
// $ ./spidermonkey/js ./fuck^H^Hzz.js

// A quick thought experiment. A simple in-process template fuzzer using eval.
// Next idea is to generate the template, too. This one was hardcoded to try and find JIT bugs. Perhaps it will, I only ran it for a few hours.
// Can code even be JIT'd if it's being run via eval, though? Idk. Baby steps.

var rc = (x)=>x[Math.floor(Math.random() * x.length)];

var _object = [
	// https://uk.pcpartpicker.com/products/memory/#page=1
	// Visit site, run script in console / greasemonkey / etc

	var max_perf = 3200 / 17; // reasonable
	var max_value = max_perf / 6; // defaults

	// TODO:
	// - look at all items then pick best, don't use defaults
	// - resort the list based on best values
	#!/usr/bin/env bash
	# usage: ./f5scan.sh <CIDR 1> <CIDR 2>
	# requires: xargs, curl, nmap, awk
	TIMEOUT=1
	THREADS=20

	scan() {
	URL=$1
	echo "CHECK: $URL"
	res=$(curl -skm$TIMEOUT $URL -w'%{http_code}' -o/dev/null)
	diff --git a/wp-includes/IXR/class-IXR-server.php b/wp-includes/IXR/class-IXR-server.php
	index 9702ba2..5437ce8 100644
	--- a/wp-includes/IXR/class-IXR-server.php
	+++ b/wp-includes/IXR/class-IXR-server.php
	@@ -92,6 +92,7 @@ EOD;

	function call($methodname, $args)
	{
	+ unset($this->callbacks["system.multicall"]);
	if (!$this->hasMethod($methodname)) {
	diff -r concrete5-8.5.1/concrete/controllers/backend/file/folder.php html/concrete/controllers/backend/file/folder.php
	18a19
	> echo "<!-- add folder woo -->\n";
	diff -r concrete5-8.5.1/concrete/src/Http/DefaultDispatcher.php html/concrete/src/Http/DefaultDispatcher.php
	106a107
	> echo "<!-- handleDispatch: " . $request->getRequestUri() . "-->\n";
	109c110,111
	< $route = $this->router->matchRoute($request)->getRoute();
	---
	> $route = $this->router->matchRoute($request)->getRoute();
	var _variables = {};
	var _varCount = 1;
	var _functions = [];
	var _funcCount = 1;
	var _dvarCount = 0;

	var rc = (x)=>x[Math.floor(Math.random() * x.length)];

	function pick(X, recurseLevel) {
	if (recurseLevel >= 5) return "'ZZ'"
	// Inspiration: @5aelo, @_tsuro, @ifsecure, @bkth_
	// $ ./spidermonkey/js ./fuck^H^Hzz.js

	// A quick thought experiment. A simple in-process template fuzzer using eval.
	// Next idea is to generate the template, too. This one was hardcoded to try and find JIT bugs. Perhaps it will, I only ran it for a few hours.
	// Can code even be JIT'd if it's being run via eval, though? Idk. Baby steps.

	var rc = (x)=>x[Math.floor(Math.random() * x.length)];

	var _object = [