-
Keypoints:
- Made a bad ODT file to to leak NetNTLM Creds (https://github.com/rmdavy/badodf/blob/master/badodt.py) and impacket-smbserver can receive NetHTLM hash info --> Use `hashcat -m 5600` or j…
-
### Rationale
At present, garble provides a `reverse` subcommand that enables consumers to map obfuscated identifiers back to their plain counterparts as needed.
There are cases where this is no…
-
Back in 2018, Google added some restrictions to their browser to prevent a security issue with DevTools where a malicious webpage may be able to control the browser. This issue was documented over at …
-
**Is your feature request related to a problem? Please describe.**
Any client with access to the JSONRPC API can execute arbitrary code on the host. This is a security problem.
I wrote a quick pro…
-
-
| --- | --- |
| Bugzilla Link | [233231](https://bugs.eclipse.org/bugs/show_bug.cgi?id=233231) |
| Status | REOPENED |
| Importance | P3 normal |
| Reported | May 21, 2008 10:17 EDT |
| Modified …
-
## Steps to reproduce
- I used a source install, from the official repo on `master` branch
- git clone [...]
- Used `rvm` to setup a ruby env match the `.ruby-version`
- `rvm install ruby-…
-
Key points:
- codoforum --> Remote Code Execution (RCE) 50978.py (but, finally we upload reverse php file manually)
- password is in /var/www/html/sites/default/config.php
-
Keypoints:
- /site: 301 in FFUF/feroxbuster result but actually we can access it
- allow_url_fopen, allow_url_include, LFI, RFI
- [PE]replace exe under backup dir.
-
Keypoints:
- /phpinfo --> got user name info "Shenzi"
- One useful tip for lab machines is to try out any useful keywords you’ve identified so far **to identify directories, usernames or passwords**…