
Research on the Potential Takeover of cdn.apac.coca-cola.com on the AWS *.cloudfront.net Service

Introduction

Subdomain takeover is a hacking method that exploits an unused subdomain of a given domain and then takes over control of that subdomain. One of the cloud services widely used by many companies is Amazon Web Services (AWS), which provides a content delivery network (CDN) service called Amazon CloudFront. This research analyzes the potential for subdomain takeover on the AWS CloudFront service. Its goals are to determine the potential for subdomain takeover on AWS CloudFront, to provide mitigation recommendations, and to assign a CVSS score to the vulnerability found.

Analysis

The subdomain cdn.apac.coca-cola.com points to the address d3h9qwiumi1evg.cloudfront.net, which is a CloudFront address. CloudFront is a content delivery network (CDN) service from AWS that

Research Report on Potential Subdomain Takeover on sendgrid.net Service

List of contents:

  • Abstract
  • Introduction
  • Analysis
  • CVSS Score
  • Impact

Network Working Group C. Huitema
Request for Comments: 4380 Microsoft
Category: Standards Track February 2006
Teredo: Tunneling IPv6 over UDP
through Network Address Translations (NATs)
Status of This Memo

#!/usr/bin/env zsh
# Download JSON file containing a list of bug bounty programs and their domains
curl -O "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json"
# Create folders for each bug bounty program
cat chaos-bugbounty-list.json | jq -r '.programs[] | select(.bounty==true) | .name' | while read folder; do mkdir -p "$folder" -v; done
# For each bug bounty program, get the domains and save them to a file
for (( i=0; i < $(cat chaos-bugbounty-list.json | jq -r '.programs | length'); i++ ))

title: Server Side Template Injection via Twig Security Extension
date: 2023-04-15

Overview:

Shopware is an e-commerce platform that is open source and built on the Symfony Framework and Vue.js. The default storefront of Shopware 6, called Shopware 6 Storefront, is based on Twig and Bootstrap. Users can customize the appearance of their storefront by using extensions (previously known as plugins) to override the default Twig template files. These custom themes can be enabled using the included Shopware 6 Administration panel.

Summary:

Please note that this is a bypass of CVE-2023-22731, which is being tracked as issue NEXT-24667 by Shopware.

Vulnerability Assessment Report - CVE-2021-43062

Executive Summary:

I am happy to share vulnerability findings on Fortinet FortiMail, focusing on versions v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, and v6.0.11 & below. During this assessment, I was able to identify an unpatched XSS (Cross-Site Scripting) vulnerability, tagged as CVE-2021-43062. The vulnerability allowed arbitrary code execution via a specially crafted HTTP GET request to the FortiGuard URI protection service.

Product: Fortinet FortiMail
Vendor: Fortinet
Severity: Medium
Affected Versions: v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, v6.0.11 & below