Code Monkey home page Code Monkey logo

writeups's People

Contributors

gbergeson avatar iamnoooob avatar rootxharsh avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

zimshk vinnyvinoth honoki akshay-scalegrowth slooppe yut0u shxdow sulaimanzai gbergeson elamaran619 stevejarvis cephurs jermainlaforce rwincey amaljithcf lex1010 optionalg tusharkeshav bikrambox ohoud21 tomyang9 alexjnirappil osmanatam f4tihsahin raystyle sv3nbeast nobox910 taiji-xo saugatasil dark0ghost brahst idkwim attacker-codeninja fbion owlonex angrypapa ith4cker rajesh6927 truebasic2011 safisec gsatyadev abdilahrf datascientist1976 magnologan 1n1t6sh3ll afwu polling-repo-continua longofo tounsi007 jin89 avaudioplayer kangd1w2 prettyrecon ltidi2000 dirtypipe prahs bb33bb githubliquid r1dd1er alio0820 kasjhkjasd filipesam system0ranchen schrodyn kejaly shino-337 c0de3 ramihub cybermonitor 0xrishabh demon1k shutupandhack-club sleepyeinstein rahimianes zha0 austinmac56 paweldefee 5m7x ckexploits okaayfine rassec mengmeng9921 hij139 x-f1v3 msommer21 themehdi mytfx therawman bbhunter dguaraglia rbcrack udahacker mariomejia127 fdlucifer hkzj r0ck3rt 0xcrane 4869aptx srmo sreuben04

writeups's Issues

Question about the Google Drive vulnerability

I find it hard to understand which component reads your custom SSRF header introduced here https://github.com/httpvoid/writeups/blob/main/Hacking-Google-Drive-Integrations.md#private-programs-partial-read-ssrf. You are using request smuggling (pipelining) but both requests, the original one as well as the extra one you are injecting, will hit http://www.googleapis.com/.

I understand that you may be using your own server to serve the downloadUrl url, but I'm still not following how that server of yours can receive the SSRF header value.

Any chance you could clarify it please?

Modification of payload to read variables in memory

Hello,

I am trying to modify the OGNL expression/payload to read variables INSTEAD of going the create process route.
More specifically I want to read the database parameters which are loaded into memory:
https://confluence.atlassian.com/confkb/how-to-find-confluence-s-database-connection-parameters-779172320.html#:~:text=Solution,xml%20file.

Do you know how to modify the payload to accomplish this? The learning curve for OGNL is steep, I have tried unsuccessfully to modify the payload for days. I don't know what I'm doing wrong.

If you knew the direction to take or could do this quickly it would mean so much to me.

Thanks

Hotfix update.sh

Hello,
Thank you for the detailed writeup.
while testing this on a VM with the hotfix installed, I wasn't able to get the same results as you do. Did you run the queries on the patched system or the unpatched one?
Thank you,
Aleks

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.