wofeiwo / Webcgi Exploits
Licence: apache-2.0
Multi-language web CGI interfaces exploits.
Stars: 268
Web CGI Exploits
Here are several exploits related to different web CGIs. I wrote these exploits over the last few years.
How it works
Web apps basically consist of these layers:
1. applications
2. web frameworks
3. script language engines
4. web containers (servers)
5. web front proxy (nginx etc.)

Layers 4 and 5 could be the same thing. Layers 3 and 4 could be the same thing too.
There are communications between each layer. Each layer's software is developed by a different team. They do have standards for communicating with each other, but they always have misunderstandings or design faults. So we can take advantage of those faults to achieve our goals, like RCE, spawning a shell, port forwarding, etc.
Exploits
PHP
- Fastcgi
  - Reference: PHP FastCGI Remote Exploit (Chinese)
  - fcgi_exp.go: uses FastCGI to read or execute a file if the fcgi port is exposed to the public (or with an SSRF).
  - fcgi_jailbreak.php: uses FastCGI params to change some PHP ini configs and break a PHP-based sandbox.
- Apache Mod_php
  - Reference: PHP Port Reuse With Mod_php (Chinese)
  - mod_php_port_reuse.php: reuses the port 80 connection to spawn an interactive shell, bypassing the firewall.
  - mod_php_port_proxy.py: works together with mod_php_port_reuse.php to create a port 80 TCP proxy that bypasses the firewall.
Python
- Uwsgi
  - Reference: uWSGI RCE Exploit (Chinese)
  - uwsgi_exp.py: exploits uWSGI to execute any command remotely if the uwsgi port is exposed to the public (or with an SSRF).
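The FastCGI entries above depend on the backend port being reachable from outside the host. As an added example (not code from the original repository), this Python check classifies php-fpm pool files by how their `listen` socket is exposed; php-fpm as the FastCGI server, the sample pool contents and the function names are assumptions made here.

```python
import ipaddress

# Constructed sample pool files (not taken from any real host).
SAMPLE_POOLS = {
    "www.conf": "[www]\nlisten = 9000\n",
    "api.conf": "[api]\nlisten = 0.0.0.0:9000\nlisten.allowed_clients = 127.0.0.1\n",
    "app.conf": "[app]\nlisten = /run/php/php-fpm.sock\n",
    "int.conf": "[int]\n; local only\nlisten = 127.0.0.1:9000\n",
    "v6.conf": "[v6]\nlisten = [::]:9000\n",
}

def parse_pool(text):
    """Return the directives of a php-fpm pool file as a dict."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().strip('"')
    return opts

def listen_exposure(opts):
    """Classify the listener: 'unix', 'loopback', 'restricted' or 'exposed'."""
    listen = opts.get("listen", "")
    if listen.startswith("/"):
        return "unix"                               # governed by file permissions
    # A bare port ("9000") has no host part and binds every interface.
    host = listen.rsplit(":", 1)[0].strip("[]") if ":" in listen else ""
    try:
        if host and ipaddress.ip_address(host).is_loopback:
            return "loopback"
    except ValueError:
        pass                                        # not an IP literal: treat as non-loopback
    # An empty or missing listen.allowed_clients accepts any peer address.
    if opts.get("listen.allowed_clients"):
        return "restricted"
    return "exposed"

def audit(pools):
    """Map each pool file name to its exposure class."""
    return {name: listen_exposure(parse_pool(text)) for name, text in pools.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_POOLS).items():
        print(f"{name}: {verdict}")
```

A `loopback` or `restricted` result still leaves the SSRF path the list mentions, since the request then originates from an allowed address; a Unix socket with tight permissions removes the TCP listener entirely.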