Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Stars: ✭ 3,858 (+2405.19%)

Mutual labels: poc, cve

Cve 2019 1003000 Jenkins Rce Poc

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Stars: ✭ 270 (+75.32%)

Mutual labels: poc, cve

CVE-Stockpile

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

Stars: ✭ 41 (-73.38%)

Mutual labels: exploits, cve

Gitlab rce

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Stars: ✭ 104 (-32.47%)

Mutual labels: ctf, cve

CVE-2021-44228-PoC-log4j-bypass-words

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Stars: ✭ 760 (+393.51%)

Mutual labels: poc, cve

PoC-CVE-2021-41773

No description or website provided.

Stars: ✭ 39 (-74.68%)

Mutual labels: poc, cve

Exploits

Miscellaneous exploit code

Stars: ✭ 1,157 (+651.3%)

Mutual labels: poc, exploits

View All Similar Projects ➔

A collection of exploits developed by @xer0dayz @XeroSecurity https://xerosecurity.com

Vulnserver.exe GMON SEH Overflow Exploit
FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass)
CoolPlayer+ Portable 2.19.6 Stack Overflow (ASLR Bypass)
HTTPoxy Exploit/PoC Scanner
Ability FTP 2.34 Buffer Overflow Exploit
Aruba AP-205 Buffer Overflow Denial of Service PoC
Brainpan1 CTF Buffer Overflow Exploit
CesarFTP 0.99g Buffer Overflow Exploit
Apache 2.2.x Range Header Denial of Service Exploit
GHOST Glibc Gethostbyname Buffer Overflow Exploit
PHP Serialization Injection Remote Code Execution Exploit
CrikeyConCTF Koala Gallery Exploit
Webmin 1.920 Unauthenticated RCE Metasploit Exploit

Bug Bounty Profiles

Public Exploits

Blogs

Social Media

Websites

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2018:

Featured in Hackin9 Magazine - Open Source Hacking Tools edition (https://hakin9.org/download/open-source-hacking-tools/) 8/2018
Jetty 6.1.6 Cross-Site Scripting (XSS) (https://seclists.org/fulldisclosure/2018/Aug/15) (Full Disclosure) 8/2018
Listed on the DoD Defense Travel System HoF 6/2018
Pre-qualified for the BugCrowd 2018 MVP research list (https://www.bugcrowd.com/bugcrowd-mvps-april-edition/) 4/2018
CVE-2018-8917 Synology-SA-18:14 - Reflected XSS in DSM 6.1.5-15254 (https://www.synology.com/en-us/security/advisory/Synology_SA_18_14) 3/2018
CVE-2018-6545 Ipswitch MoveIt v8.1 Stored Cross-Site Scripting (XSS) (https://www.exploit-db.com/exploits/43947) 2/2018
Multiple Cross-Site Scripting (XSS) vulnerabilities in Illustra IP Cameras ($600 bounty) 2/2018
Directory Traversal vulnerability in Illustra IP Cameras ($800 bounty) 2/2018
Remote Command Execution vulnerability in Illustra IP Cameras ($900 bounty) 2/2018
Listed on the BugCrowd 2017 MVP researcher list (https://www.bugcrowd.com/today-we-recognize-our-2017-mvp-researchers/) 1/2018

2017:

Recieved Offensive Security Certified Expert (OSCE) cerfication 12/2017
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
Systemic Local File Inclusion in DEMO HomeKit Android Application ($3,000 bounty) 9/2017
Placed 7th in ToorConCTF CTF 8/2017
Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
Recieved Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
Recieved Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
Listed on the BugCrowd 2016 MVP list 1/2017

2016:

Placed 3rd on BugCrowd's Operation Code CTF 9/2016
1st place @DEFCON CMD+CTRL CTF 8/2016
HTTPoxy Exploit Scanner Exploit/PoC 7/2016
CVE-2016-1034 Zabbix SQL Injection 0day (www.cvedetails.com/cve/CVE-2016-10134/) 7/2016
CVE-2016-4401 Unauthenticated Database Credential Leak in Aruba ClearPass ($1,500 bounty) (https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt) 6/2016
Tied for 2nd place in BugCrowd Operation Code CTF 6/2016
Made the top 10 researcher list on BugCrowd 6/2016
Placed 2nd at CactusCon 2016 RootTheBox CTF 5/2016
Ranked 19th on BugCrowd's Worldwide Leaderboard Bug Bounty 5/2016
Charts 4 PHP 1.2.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135666/Charts-4-PHP-1.2.3-Cross-Site-Scripting.html) 2/2016
Open Web Analytics 1.5.7 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135948/Open-Web-Analytics-1.5.7-Cross-Site-Scripting.html) 2/2016
WordPress All In One SEO Pack 2.2.2 Cross Site Scripting (Full Disclosure) 2/2016
PSV-2016-0127: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053136/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0127) 1/2016
PSV-2016-0124: Cleartext Submission of Password In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000055105/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Extenders-PSV-2016-0124) 1/2016
PSV-2016-0116: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
PSV-2016-0136: Unrestricted Arbitrary File Upload In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000049063/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-R7800-Routers-PSV-2017-0136) 1/2016
PSV-2016-0114: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053135/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0114) 1/2016
PSV-2016-0113: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
PSV-2016-0131: Server Side Request Forgery in NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053137/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2016-0131) 1/2016

2015:

Made the top 10 researcher list on BugCrowd 11/2015
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) Exploit/PoC 10/2015
Aruba AP-205 Remote Command Injection Vulnerability ($750 bounty) (https://www.youtube.com/watch?v=TZqDkN1NQf4) 10/2015
Apache Range Header Denial of Service Exploit (CVE-2011-3192) Exploit/PoC 8/2015
Listed on AT&T's Bug Bounty Hall of Fame Bug Bounty (https://bugbounty.att.com/hof.php) 8/2015
Won the InfoSec Institute Practical Web CTF #2 Challenge (https://resources.infosecinstitute.com/ctf-2-practical-web-hacking-winners/#gref) 8/2015
HP Photosmart 7520 Printers Stored Cross Site Scripting (0day) Exploit/CVE 7/2015
Supermicro IPMI/BMC Cleartext Password Scanner Exploit/PoC 3/2015
WebFOCUS 533 Server XSS & Directory Traversal Vulnerabilities (0day) Exploit/CVE 2/2015
Imgur Server Side Request Forgery (SSRF) ($1600 bounty) (https://hackerone.com/reports/91816) 1/2015
CVE-2015-0235 GHOST glibc gethostbyname buffer overflow Exploit (https://www.exploit-db.com/exploits/35951) 1/2015
Hak5 Wifi PinnappleV Remote Code Execution Exploit/CVE 1/2015
Hak5 Wifi PinnappleV SSLSplit Cross Site Scripting Exploit/CVE 1/2015

2014:

Lyris ListManagerWeb 8.95a Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html) 7/2014
MyConnection Server (MCS) 9.7i Cross Site Scripting (Full Disclosure) (https://0day.today/exploit/description/22526) 7/2014
AlogoSec FireFlow 6.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127001/AlogoSec-FireFlow-6.3-Cross-Site-Scripting.html) 7/2014
Recieved Offensive Security Certified Professional (OSCP) certification 2/2014

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 154

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗