kunte0 / phar-jpg-polyglot
Phar + JPG Polyglot generator and playground (CTF CODE)
☆75Updated 6 years ago
Alternatives and similar repositories for phar-jpg-polyglot:
Users that are interested in phar-jpg-polyglot are comparing it to the libraries listed below
- This tool is for letting you know how strong your disable_functions is and how you can bypass that.☆119Updated 5 years ago
- Burp Extension that copies a request and builds a FFUF skeleton☆108Updated last year
- LFI to RCE via phpinfo() assistance or via controlled log file☆60Updated last year
- ☆39Updated last year
- PP-finder Help you find gadget for prototype pollution exploitation☆146Updated 5 months ago
- A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection☆69Updated 3 years ago
- Wordlist to bruteforce for LFI☆118Updated 5 years ago
- Root shell PoC for CVE-2021-3156☆63Updated 3 years ago
- Tool to enable blind sql injection attacks against websockets using sqlmap☆58Updated last year
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆103Updated 9 months ago
- ☆158Updated 3 years ago
- https://github.com/timip/OSWE☆19Updated 5 years ago
- A collection of Server-Side Prototype Pollution gadgets and exploits☆151Updated 4 months ago
- A python based minimal DNS server to test/verify DNS rebinding attacks☆37Updated last year
- ImageMagick LFI PoC [CVE-2022-44268]☆52Updated last year
- Aspx reverse shell☆98Updated 4 years ago
- Exploits targeting Symfony☆197Updated 3 months ago
- NotSoCereal: A Deserialization exploit playground☆51Updated 3 years ago
- Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege e…☆52Updated 2 years ago
- Becoming the spider, crawling through the webs to catch the fly.☆72Updated 3 years ago
- Need any help bypassing CSP ?☆25Updated 4 years ago
- Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpick…☆104Updated last year
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.☆117Updated last year
- RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer☆54Updated 5 years ago
- Collection of quirky behaviours of code and the CTF challenges that I made around them.☆27Updated 3 years ago
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆128Updated last month
- Workshop given at Hack in Paris 2019☆121Updated last year
- This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.☆54Updated last year
- Dockerized labs For Web Expert (OSWE) certification. Preparation for coming AWAE Training ...☆96Updated 3 years ago
- Enumerate / Dump Docker Registry☆166Updated 9 months ago