engn33r engn33r

pcaversaccio / compute_create2_address_zksync.vy

Last active May 15, 2024 07:19

Calculate the `CREATE2` address on zkSync using Vyper.

	# @version ^0.3.10


	_CREATE2_PREFIX: constant(bytes32) = 0x2020dba91b30cc0006188af794c2fb30dd8520db7e2c088b7fc7c103c00ca494


	@external
	@pure
	def compute_create2_address_zksync(salt: bytes32, bytecode_hash: bytes32, deployer: address, input: Bytes[4_096]=b"") -> address:
	constructor_input_hash: bytes32 = keccak256(input)

harisec / exploit_path_traversals_in_Java_webapps.txt

Created April 27, 2020 10:24

quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)

	so, you can read WEB-INF/web.xml. how can you escalate this issue?

	[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.

	use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
	https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
	with time you can build your own wordlist adding files you've discovered over time.
	use Burp Intruder for this, it's perfect for this job.
	sort Intruder results by status code so you can see instantly which files were found.

yassineaboukir / List of API endpoints & objects

Last active April 29, 2025 12:54

A list of 3203 common API endpoints and objects designed for fuzzing.