Skip to content

Instantly share code, notes, and snippets.

View SorcererBR's full-sized avatar
🎯
Focusing

Rodrigo Santos SorcererBR

🎯
Focusing
8 followers · 3 following
View GitHub Profile
@SorcererBR
SorcererBR / CVE-2023-41892-POC.md
Created December 14, 2023 02:19 — forked from to016/CVE-2023-41892-POC.md
CVE-2023-41892 (Craft CMS Remote Code Execution) - POC

This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).

Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.

POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

@SorcererBR
SorcererBR / client.html
Created July 22, 2019 03:21 — forked from ericremoreynolds/client.html
Flask-socket.io emit to specific clients
<html>
<body>
<h1>I feel lonely</h1>
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/socket.io/0.9.16/socket.io.min.js"></script>
<script type="text/javascript" charset="utf-8">
var socket = io.connect('http://' + document.domain + ':' + location.port);
socket.on('connect', function() {
socket.emit('connected');