Skip to content

Instantly share code, notes, and snippets.

View vah13's full-sized avatar
🚀
hodl

vah_13 vah13

🚀
hodl
189 followers · 7 following
View GitHub Profile
@vah13
vah13 / urls_anon.txt
Last active May 18, 2020 10:59 — forked from Zombiehelp54/urls_anon.txt
/webdynpro/dispatcher/sap.com/bi~das~ui/webdynpro/Copy of sap.com~bi~das~ui/PORTAL-INF/com.sap.bi.das.ui.DasDesigner
/webdynpro/dispatcher/sap.com/acc_admin_welcome/com.sap.acc.admin.WelcomeApp
/webdynpro/dispatcher/sap.com/adminstudiolite/com.sap.portal.admin.acc.AdminRoleApp
/webdynpro/dispatcher/sap.com/bi~alv~sample/com.sap.ip.bi.alv.sample.rfc.Rfc
/webdynpro/dispatcher/sap.com/bi~alv~sample/com.sap.ip.bi.alv.sample.refreshdata.RefreshDataALV
/webdynpro/dispatcher/sap.com/bi~alv~sample/com.sap.ip.bi.alv.sample.testalv.TestALVWithExternalDialog
/webdynpro/dispatcher/sap.com/bi~alv~sample/com.sap.ip.bi.alv.sample.upload.Upload
/webdynpro/dispatcher/sap.com/bi~alv~sample/com.sap.ip.bi.alv.sample.readalvdata.ReadALVData
/webdynpro/dispatcher/sap.com/bi~alv~sample/com.sap.ip.bi.alv.sample.defaultcall.DefaultALV
/webdynpro/dispatcher/sap.com/bi~alv~sample/com.sap.ip.bi.alv.sample.editalv.EditALV
@vah13
vah13 / download.php
Last active January 24, 2019 15:45
Evil content-disposition
<?php
$fileList = glob('/var/www/html/uploads/*.jpg');
$fname = pathinfo($fileList[0])['basename'];
header('Content-Type: image/jpeg');
header("Content-disposition: attachment; filename=$fname");
readfile("/var/www/html/uploads/".$fname);
@vah13
vah13 / upload.phtml
Created January 24, 2019 15:27
Evil content-disposition
<html>
<body>
<form action="upload.phtml" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>
</body>