Skip to content

Instantly share code, notes, and snippets.

View toufik-airane's full-sized avatar

Toufik Airane toufik-airane

308 followers · 172 following
View GitHub Profile
@win3zz
win3zz / ServiceNow_Sensitive_Info_Exposure.md
Last active July 8, 2024 13:59
ServiceNow Instance Exposing Sensitive Information via Unauthenticated Endpoints

ServiceNow Instance Exposing Sensitive Information via Unauthenticated Endpoints

  • Date: 26 June 2023
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • Discovered by: Bipin Jitiya (@win3zz)

Summary

[REDACTED], Inc., uses ServiceNow with an instance named "[REDACTED]" accessible at https://[REDACTED].service-now.com/. Upon reviewing this instance, I observed that it is not sufficiently hardened for security, and some endpoints are exposing sensitive information. The following three endpoints, designed for performance monitoring, logging, and troubleshooting purposes, are accessible without authentication:

@MerlinEgalite
MerlinEgalite / CreateSelfdestruct.sol
Last active May 26, 2023 06:24
Tornado Cash Governance Hack
pragma solidity >=0.8.0;
import "forge-std/Test.sol";
import "forge-std/console2.sol";
contract ContractA {
function destroy() public {
selfdestruct(payable(0));
}
@virattt
virattt / chatbot_memory_pdfs.ipynb
Last active January 3, 2024 14:05
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@FLX-0x00
FLX-0x00 / pd_docker_pipeline.sh
Created October 13, 2021 13:17
projectdiscovery tools docker pipeline with domain name as input
#!/bin/bash
# first parameter is passed to subfinder as the target domain
docker pull projectdiscovery/nuclei
docker pull projectdiscovery/httpx
docker pull projectdiscovery/naabu
docker pull projectdiscovery/dnsx
docker pull projectdiscovery/subfinder
docker pull projectdiscovery/notify
@PaulSec
PaulSec / nuclei.sh
Created August 20, 2021 07:06
Nuclei bash script to automate discovery with httpx and scanning and store results in /tmp/nuclei/<date>/
#!/bin/bash
set -x
foo=`date +'%Y_%m_%d'`
database="/path/to/my/sql_app.db"
nucleitemplates="/path/to/my/nuclei-templates/"
cd $nucleitemplates
git pull
output_folder="/tmp/nuclei/$foo"
mkdir -p $output_folder
echo -e ".mode csv\n.out /tmp/nuclei/$foo/domains.csv\nselect domain from domain;" | sqlite3 $database
@fransr
fransr / logger.js
Last active August 6, 2022 06:36
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
var logger = console.trace;
// ELEMENT
;(getElementByIdCopy => {
Element.prototype.getElementById = function(q) {
logger('getElementById', q, this, this.innerHTML);
return Reflect.apply(getElementByIdCopy, this, [q])
}
})(Element.prototype.getElementById)
@Frycos
Frycos / CSM_pocs.md
Created November 16, 2020 18:55

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.

@toufik-airane
toufik-airane / content_discovery.txt
Last active November 30, 2023 17:14
content_discovery.txt
defaults.env
release.zip
js/config.js
js/credentials.js
js/secrets.js
js/keys.js
js/password.js
js/api_keys.js
js/auth_tokens.js
js/access_tokens.js
@dmaasland
dmaasland / Invoke-Procdump.ps1
Created November 27, 2019 12:28
$Source = @"
using System;
using System.Runtime.InteropServices;
namespace ProcDump {
public static class DbgHelp {
[DllImport("Dbghelp.dll")]
public static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, IntPtr hFile, IntPtr DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
}
}
@nullenc0de
nullenc0de / auto_git_query
Last active July 13, 2024 08:51
Automated Github Queries (Can open 29 tabs at a time)
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI