Skip to content

Instantly share code, notes, and snippets.

View 1dayluo's full-sized avatar
😼
meow

ElainaDay 1dayluo

😼
meow
27 followers · 184 following
View GitHub Profile
@postmodern
postmodern / rails_rce.rb
Last active October 18, 2024 00:07
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
@Zenexer
Zenexer / escapeshellrce.md
Last active October 11, 2024 16:26
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure

Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

@mccabe615
mccabe615 / phpdangerousfuncs.md
Last active November 7, 2024 05:44
Dangerous PHP Functions

Command Execution

exec           - Returns last line of commands output
passthru       - Passes commands output directly to the browser
system         - Passes commands output directly to the browser and returns last line
shell_exec     - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen          - Opens read or write pipe to process of a command
proc_open      - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
@h4ckninja
h4ckninja / h2-exploit.py
Created September 25, 2018 08:08
#!/usr/bin/env python
'''
Exploit Title: Unauthenticated RCE
Date: 2018/09/24
Exploit Author: h4ckNinja
Vendor: http://www.h2database.com/
Version: all versions
Tested on: Linux, Mac
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active November 12, 2024 22:33
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@zapalote
zapalote / extract-gbooks-terms.py
Last active April 2, 2024 11:31
Example of multi-threading and memory mapped file processing.
# extraction pattern: ngram TAB year TAB match_count TAB volume_count NEWLINE
# out: unique_ngram TAB sum(match_count) NEWLINE
import re
import os, sys, mmap
from pathlib import Path
from tqdm import tqdm
from concurrent.futures import ThreadPoolExecutor
abv = re.compile(r'^(([A-Z]\.){1,})(_|[^\w])') # A.B.C.
@Jonoans
Jonoans / exploit.py
Created June 20, 2020 15:13
import pickle
import base64
class RCE(object):
def __reduce__(self):
return (globals, () )
class RCEStr(object):
def __reduce__(self):
return (str, (RCE(), ) )