Command injection vulnerability was identified in NPM package rising version 1.0.2
Resources:
- Project's NPM Package: https://www.npmjs.com/package/rising
- Project's NPM JS registery: https://registry.npmjs.org/rising
Splint3r7
/ nodejs-security-vulnerability-grep.sh
Created
October 5, 2024 09:06
— forked from nstarke/nodejs-security-vulnerability-grep.sh
Node.js Security Vulnerability Grep
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this command will return instances where the child_process module is loaded. | |
| # that module is generally a good signal that the application is shelling out | |
| egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "require(\s*)\((\s*)'child_process'(\s*))" . | |
| # this command will return instances where code is dynamically executed. | |
| egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "eval(\s*)\(" . | |
| # this command will check common dangerous functions and report when strings are arguments | |
| egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)\".*\"" . |
Splint3r7
/ domain_All-Live-Datadog-Sites.csv
Created
December 25, 2023 18:19
— forked from JorgeFraga/domain_All-Live-Datadog-Sites.csv
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| domain | |
| 123rf.com | |
| 1stdibs.com | |
| 2u.com | |
| ba.com | |
| babylist.com | |
| bananatag.com | |
| baylor.edu | |
| bbcgoodfood.com | |
| bcm.edu |
Splint3r7
/ rising-1.0.2-command-injection.md
Last active
November 11, 2023 14:16
Command Injection Vulnerability in Rising 1.0.2
Splint3r7
/ names.json
Created
August 21, 2023 10:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| "express", | |
| "afnan" | |
| ] |
Splint3r7
/ CF_waf_generate.sh
Last active
December 27, 2022 19:22
bash script to genereate a firewall rule for CloudFlare WAF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| filename=$1 | |
| output_str="(" | |
| while read -r line; do | |
| output_str+="ip.src eq $line) or (" | |
| done < "$filename" | |
| output_str=${output_str% or (*} |
Splint3r7
/ npm-package-emails.py
Last active
November 1, 2022 06:48
Extract Emails from Npm Packge Names - https://api.npms.io/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| import concurrent.futures | |
| output_file = open("emails_res.txt", "w") | |
| def Emails(package): | |
| req = requests.get("https://api.npms.io/v2/package/{}".format(package)) |
Splint3r7
/ AllRubyGemNames.txt
Last active
October 31, 2023 06:54
Extract All Ruby Gem Names From - https://rubygems.org/gems
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a | |
| a-- | |
| A- | |
| a0 | |
| a0-tzmigration-ruby | |
| a1 | |
| a11n | |
| A_123 | |
| a1330ks_bmi | |
| a13g |
Splint3r7
/ tlds.txt
Created
September 20, 2022 11:19
Root Zone Database TLDs- https://www.iana.org/domains/root/db
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .aaa | |
| .aarp | |
| .abarth | |
| .abb | |
| .abbott | |
| .abbvie | |
| .abc | |
| .able | |
| .abogado | |
| .abudhabi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Coded by Geekink | |
| #!/usr/bin/env python3 | |
| import urllib.request | |
| import sqlite3 | |
| import os.path | |
| import re | |
| import math |
Splint3r7
/ plugin.php
Created
March 16, 2022 07:14
— forked from htdat/plugin.php
An intentionally vulnerable plugin developed for WordPress plugin author education. http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* Plugin Name: Damn Vulnerable WordPress Plugin | |
| * Description: Intentionally vulnerable plugin for plugin author education | |
| * Version: 0.1 | |
| * Plugin URI: http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/ | |
| * Author: Jon Cave | |
| * Author URI: http://joncave.co.uk | |
| * License: GPLv2+ | |
| * | |
| * DO NOT RUN THIS PLUGIN ON AN INTERNET ACCESSIBLE SITE |
NewerOlder