BuffaloWill

Summary

This document has references and notes from the OWASP Global AppSec 2024 talk; "GraphQL Exploitation: Secondary Context Attacks and Business Logic Vulnerabilities".

Author

• Github: BuffaloWill
• LinkedIn: Will Vandevanter

BuffaloWill

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import sys
import requests
import soft404

###
# usage:
#   - The script prints the URL to stdout if it is unlikely to be a soft 404. 

BuffaloWill

aw
atom
atomcat
atomsvc
ccxml
cdmia
cdmic
cdmid
cdmio
cdmiq

BuffaloWill

[
{"desc":"Andrew Toolkit","mime":["application/andrew-inset"],"ext":["N/A"]},
{"desc":"Applixware","mime":["application/applixware"],"ext":["aw"]},
{"desc":"Atom Syndication Format","mime":["application/atom+xml"],"ext":["atom"]},
{"desc":"Atom Publishing Protocol","mime":["application/atomcat+xml"],"ext":["atomcat"]},
{"desc":"Atom Publishing Protocol Service Document","mime":["application/atomsvc+xml"],"ext":["atomsvc"]},
{"desc":"Voice Browser Call Control","mime":["application/ccxml+xml,"],"ext":["ccxml"]},
{"desc":"Cloud Data Management Interface (CDMI) - Capability","mime":["application/cdmi-capability"],"ext":["cdmia"]},
{"desc":"Cloud Data Management Interface (CDMI) - Contaimer","mime":["application/cdmi-container"],"ext":["cdmic"]},
{"desc":"Cloud Data Management Interface (CDMI) - Domain","mime":["application/cdmi-domain"],"ext":["cdmid"]},

BuffaloWill

# from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types

application/1d-interleaved-parityfec
application/3gpdash-qoe-report+xml
application/3gpp-ims+xml
application/a2l
application/activemessage
application/alto-costmap+json
application/alto-costmapfilter+json
application/alto-directory+json

BuffaloWill

irb --simple-prompt --noecho
require 'ipaddr'

# RFC 1918
# 10.0.0.0/8, 172.16.0.0/12,  192.168.0.0/16
#IPAddr.new("10.0.0.0/8").to_range.to_a.each{ |ip| puts ip }
#IPAddr.new("172.16.0.0/12").to_range.to_a.each{ |ip| puts ip }
#IPAddr.new("192.168.0.0/16").to_range.to_a.each{ |ip| puts ip }

# prints up to NUM ips from the range

BuffaloWill

00
01
02
03
04
05
06
07
08
09

BuffaloWill

#!/usr/bin/ruby

# deps
# gem install curb dnsruby
# 
# might need on ubuntu:
#  sudo apt-get install libcurl4-openssl-dev

require 'json'
require 'curb'

BuffaloWill

#!/bin/sh
cmd=`basename $0`

CWD=`pwd`
SCRIPTDIR=/opt/Serpico/embedded/bin
EMBEDDED=/opt/Serpico/embedded
SERPDIR=/opt/Serpico/Serpico

uname=$1
pass=$2

BuffaloWill

# Author: https://github.com/ncolyer-r7

FROM ubuntu:14.04
MAINTAINER Todo

# Packages & Environment Variables
ENV SRP_ROOT /Serpico
ENV GEM /usr/local/rvm/rubies/ruby-2.1.5/bin/gem
ENV BUILD_PACKAGES bash sudo curl vim git gawk g++ gcc make libc6-dev libreadline6-dev zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgmp-dev libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev