Hassan Khan Yusufzai Splint3r7

@spacecowboy
spacecowboy / master.py
Created September 8, 2011 16:04
A simple proof of concept for building your own super computer in python, assuming you have access to many machines.
from multiprocessing.managers import BaseManager
from mathenate import mathenate
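# Define manager
class QueueManager(BaseManager): pass
QueueManager.register('get_job_queue')
QueueManager.register('get_result_queue')
# Connect to server. authkey must be bytes on Python 3; it is the only secret
# protecting this pickle-based channel, so use a strong value in practice.
m = QueueManager(address=('my.computer.org', 50000), authkey=b'password')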
@pgooch
pgooch / wordpress wp_redirect redirect().php
Created April 5, 2012 02:06
Wordpress Redirects with wp_redirect()
// The Base Function
wp_redirect('http://www.urlofsite.com/path/to/location',301);
/* This needs to be run on an action, or at least I wasn't able to get it to run outside of an action, I suggest template_redirect */
// In Use Example
add_action('template_redirect', 'redirect');
function redirect(){
if($redirect){
wp_redirect(get_bloginfo('url').'/wp-content/plugins/redirector/site/index.php',302);
@joncave
joncave / plugin.php
Last active September 21, 2023 17:50
An intentionally vulnerable plugin developed for WordPress plugin author education. http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
<?php
/* Plugin Name: Damn Vulnerable WordPress Plugin
* Description: Intentionally vulnerable plugin for plugin author education
* Version: 0.1
* Plugin URI: http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
* Author: Jon Cave
* Author URI: http://joncave.co.uk
* License: GPLv2+
*
* DO NOT RUN THIS PLUGIN ON AN INTERNET ACCESSIBLE SITE
@bueltge
bueltge / wp-plugin-security-testing-cheatsheet.md
Created August 22, 2016 12:12
WordPress Plugin Security Testing Cheat Sheet

WordPress Plugin Security Testing Cheat Sheet

This cheat sheet was compiled by Dewhurst Security to record the knowledge gained when testing WordPress plugins for security issues for our clients. The security documentation provided by WordPress and found online for plugin security is sparse, outdated or unclear. This cheat sheet is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins.

This is a living document, feedback in the form of Issues or Pull Requests is very much welcomed.

Cross-Site Scripting (XSS)

@yangxuan8282
yangxuan8282 / emoji-info.sh
Last active January 24, 2025 18:39
Emoji❤bash
#!/bin/bash
# run this script with `bash emoji-info.sh` or `./emoji-info.sh`
usage() {
cat << EOF
usage: $0 [options] <emoji>
Options:
-h Show this message
-o Octal Escape Sequence
@WPprodigy
WPprodigy / plugin.php
Last active March 10, 2022 08:17 — forked from joncave/plugin.php
An intentionally vulnerable plugin developed for WordPress plugin author education. http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
<?php
/* Plugin Name: Damn Vulnerable WordPress Plugin
* Description: Intentionally vulnerable plugin for plugin author education
* Version: 0.1
* Plugin URI: http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
* Author: Jon Cave
* Author URI: http://joncave.co.uk
* Text Domain: damn-vulnerable-wordpress-plugin
* License: GPLv2+
*
// start with:
// frida -U -l pinning.js -f [APP_ID] --no-pause
Java.perform(function () {
console.log('')
console.log('===')
console.log('* Injecting hooks into common certificate pinning methods *')
console.log('===')
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
@akabe1
akabe1 / frida_multiple_unpinning.js
Last active March 4, 2025 22:23
Another Android ssl certificate pinning bypass for various methods
/* Android ssl certificate pinning bypass script for various methods
by Maurizio Siddu
Run with:
frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
*/
setTimeout(function() {
Java.perform(function() {
console.log('');
@pich4ya
pich4ya / root_bypass.js
Created August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto ([email protected]):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",