Working on @OpenXSS

Tyler Butler tcbutler320

* injectme-js
Created By: Matthew Fuller - matthewdfuller.com
Description: injectme.js is a post-exploitation script loaded on a remote page susceptible to
cross-site scripting. It is designed as a proof-of-concept for easily demonstrating the effects
of cross-site scripting vulnerabilities. Instead of loading a standard XSS alert popup, use this
script to show that user data can be captured without any notice to the user and sent back to a
remote server which you own.
License: This script is released as-is, free and open-source. You can modify it as needed.
*/
tcbutler320 / AKCP-sensorProbe-XSS.txt
Created August 27, 2021 23:10
AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
# Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
# Date: 07-01-2021
# Exploit Author: Tyler Butler
# Vendor Homepage: https://www.akcp.com/
# Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/
# Advisory: https://tbutler.org/2021/06/28/cve-2021-35956
# Version: < SP480-20210624
# CVE: CVE-2021-35956
# Description: Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
tcbutler320 / PHP-Timeclock-1.04-XSS.txt
Created August 27, 2021 22:56
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
# Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
# Date: May 3rd 2021
# Exploit Author: Tyler Butler
# Vendor Homepage: http://timeclock.sourceforge.net
# Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/
# Version: 1.04
# Tested on: PHP 4.4.9/5.3.3 Apache 2.2 MySql 4.1.22/5
Description: PHP Timeclock version 1.04 (and prior) suffers from multiple Cross-Site Scripting vulnerabilities
tcbutler320 / PHP-Timeclock-1.04-SQLi.txt
Created August 27, 2021 22:54
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
# Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
# Date: 03.05.2021
# Exploit Author: Tyler Butler
# Vendor Homepage: http://timeclock.sourceforge.net
# Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/
# Version: 1.04
# Tested on: PHP 4.4.9/5.3.3 Apache 2.2 MySql 4.1.22/5
Description: PHP Timeclock is vulnerable to both Boolean and Time Based SQL Injection on login.php via the login_userid parameter. This PoC shows how SQLmap can be used to exploit this vulnerability to dump database contents
tcbutler320 / CVE-2021-3441.py
Created August 27, 2021 22:25
Proof of Concept Exploit for CVE-2021-3441 - HP OfficeJet 4630 Unauthenticated Stored Cross-Site Scripting (XSS)
# Exploit Title: HP OfficeJet 4630 Unauthenticated Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 01/08/2021
# Exploit Author: Tyler C Butler
# twitter: https://twitter.com/tbutler0x90
# github: https://github.com/tcbutler320
# website: https://tbutler.org/
# Linkedin: https://www.linkedin.com/in/tyler-b-a700a1aa/
# Vendor Homepage: https://www8.hp.com/
# Software Link: https://support.hp.com/us-en/product/HP-Officejet-4600-e-All-in-One-printer-series/5305049/model/5305050

if (isset($_POST['login_userid']) && (isset($_POST['login_password']))) {
    $login_userid = $_POST['login_userid'];
    $login_password = crypt($_POST['login_password'], 'xy');
    $query = "select empfullname, employee_passwd, admin, time_admin from ".$db_prefix."employees
        where empfullname = '".$login_userid."'";
    $result = mysql_query($query);
    while ($row=mysql_fetch_array($result)) {

version: '3.2'
services:
  php-apache:
    depends_on:
      - db
    build:
      context: ./timeclock
    ports:
      - 80:80
    volumes:

<?php
session_start();
include 'config.inc.php';
include 'header.php';
include 'topmain.php';
echo "<title>$title - Admin Login</title>\n";
$self = $_SERVER['PHP_SELF'];
tcbutler320 / jekyll tricks
Created May 11, 2021 18:52
Jekyll tricks
## Making References
This is a reference[<sup>1</sup>]({{ page.url }}/#ref1)
<p id="ref1"><small>[1] HP Inc, https://www.hp.com/us-en/shop/pdp/hp-officejet-4630-e-all-in-one-printer</small></p>

Keybase proof

I hereby claim:

  • I am tcbutler320 on github.
  • I am tbutler320 (https://keybase.io/tbutler320) on keybase.
  • I have a public key ASCEuEQ9G8HqDLiy0ISr-6ZKa0dIV4WGNO1Dx1PqnjVuggo

To claim this, I am signing this object: