zPrototype

#!/bin/bash

if [ "$#" -lt 1 ] || [ "$#" -gt 3 ]
then
	echo "Usage: ./bypass.sh [OPTIONS] http://url/path/"
	echo "OPTIONS:"
	echo "	-c Return curl command if response is 200"
	echo "	-r Allow redirection if response is 3XX"
	exit
fi

lukepothier

// ==UserScript==
// @name         Defeat supercookie (https://github.com/jonasstrehle/supercookie)
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  Prevent websites from tracking you using favicon fingerprinting
// @author       Luke Pothier <[email protected]>
// @match        https://*/*
// @match        http://*/*
// @grant        none
// ==/UserScript==

sumerzhang

Java.perform(function() {

    var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
        "com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.koushikdutta.rommanager",
        "com.koushikdutta.rommanager.license", "com.dimonvideo.luckypatcher", "com.chelpus.lackypatch",
        "com.ramdroid.appquarantine", "com.ramdroid.appquarantinepro", "com.devadvance.rootcloak", "com.devadvance.rootcloakplus",
        "de.robv.android.xposed.installer", "com.saurik.substrate", "com.zachspong.temprootremovejb", "com.amphoras.hidemyroot",
        "com.amphoras.hidemyrootadfree", "com.formyhm.hiderootPremium", "com.formyhm.hideroot", "me.phh.superuser",
        "eu.chainfire.supersu.pro", "com.kingouser.com"
    ];

joepie91

Video Downloader professional kmdldgcmokdpmacblnehppgkjphcbpnn background.js

NOTE: This is a fork of the original Gist, with the code made more readable, and additional analysis added.

This is the source of background.js for a now-unpublished Chrome extension called "Video Downloader professional" (ID kmdldgcmokdpmacblnehppgkjphcbpnn, since then replaced with another "Video Downloader professional" (ID bacakpdjpomjaelpkpkabmedhkoongbi). This script is republished here for educational / research purposes. It has initially been extracted from the extension’s archive available as v2.4 on https://www.crx4chrome.com/.

Why is this interesting?

The extension has appeared in malware discussions in the past. Its replacement of Video downloader professional "bacakpdjpomjaelpkpkabmedhkoongbi" seems related t

thibaudcolas

Video Downloader professional kmdldgcmokdpmacblnehppgkjphcbpnn background.js

This is the source of background.js for a now-unpublished Chrome extension called "Video Downloader professional" (ID kmdldgcmokdpmacblnehppgkjphcbpnn, since then replaced with another "Video Downloader professional" (ID bacakpdjpomjaelpkpkabmedhkoongbi). This script is republished here for educational / research purposes. It has initially been extracted from the extension’s archive available as v2.4 on https://www.crx4chrome.com/.

Why is this interesting?

The extension has appeared in malware discussions in the past. Its replacement of Video downloader professional "bacakpdjpomjaelpkpkabmedhkoongbi" seems related to the [ownership change of The Great Suspender](greatsuspender/thegreatsuspender#1263 (comment)

gvolluz

0059.co.kr
007.no
007airsoft.com
008.vista.kz
01186mb.ca
012.ca
01nii.ru
0286776498.com
0286780777.com
02asat.photoherald.com

trietptm

#summary Bookmarks List = Hacker Media =

== Blogs Worth It: == What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.

* http://carnal0wnage.blogspot.com/
* http://www.mcgrewsecurity.com/
* http://www.gnucitizen.org/blog/

• http://www.darknet.org.uk/

mndambuki

@echo off
title Activate Microsoft Office 2019 !
cls
echo ============================================================================
echo #Project: Activating Microsoft software products
echo ============================================================================
echo.
echo #Supported products:
echo - Microsoft Office Standard 2019
echo - Microsoft Office Professional Plus 2019

aiexz

OefcMxcunkm72Po71vVtX8zUN57vQtAC
PSKINdQe1GyxGgecYz2191H2JoS9qvgD
pHHlgpFt8Ka3Stb5UlTxcaEwciOeF2QM
61TvA2dNwxNxmWziZxKzR5aO9tFD00Nj
xTbXXOSBr0R65OcClImSwzadExoXU4tc
EJV3A4Mka2wPs7P8VBCO6xcpRe27iNJu
mEuInz8UH1ixLGJq4oQhEiJORERVG5xc
lkY0ng0XMo29zEhzyw3ibQfeEBxghwPF
syeCnFndQ8TE4qAGvhm9nZLBZOBgoLKd
7TeyFZ8oyLulHwYUOcSPzZ5w3cLYib61

FlatL1neAPT

Remote Code Execution via File Upload (CVE-2020-12255)


The rConfig 3.9.4 is vulnerable to remote code execution due to improper checks/validation via the file upload functionality. 
The vendor.crud.php accepts the file upload by checking through content-type and it is not restricting upload by checking the file extension and header. 
Due to this flaw, An attacker can exploit this vulnerability by uploading a PHP file that contains arbitrary code (shell) and changing the content-type to `image/gif` in the vendor.crud.php. 
since the validation checks are happening through content-type the server would accept the PHP file uploaded ultimately resulting code execution upon the response when invoked. 


Steps To Reproduce-: