Mr-xn/cve-2022-23131

Stars
151
Rank 246,057 (Top 5 %)
Language
Python
Created almost 3 years ago
Updated 3 months ago

Mr-xn/cve-2022-23131

Mr-xn

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131

cve-2022-23131 zabbix-saml-bypass-exp

replace [zbx_signed_session] to [cookie]

sign in with Single Sign-On (SAML)

author: @random-robbie、@jweny and @Mr-xn
link: https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage

Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

BurpSuite-collections

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

RedTeam_BlueTeam_HW

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

hackbar2.1.3

the free firefox extions of hackbar v2.1.3 v2.2.9 v2.3.1,hackbar 插件未收费的免费版本。适用于chrome浏览器的HackBar-v2.2.6.zip,HackBar-v2.3.1.zip

BLACKHAT_Asia2023

Black Hat Asia 2023 PDF Public

BLACKHAT_USA2022

BLACKHAT USA2022 PDF Public

sunlogin_rce

subdomain_shell

一键调用subfinder+ksubdomain+httpx 强强联合从域名发现-->域名验证-->获取域名标题、状态码以及响应大小最后保存结果,简化重复操作命令

JNDIExploit-1

一款用于 JNDI注入利用的工具，大量参考/引用了 Rogue JNDI 项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。（from https://github.com/feihong-cs/JNDIExploit）

kms-server-deploy

一键搭建kms激活服务端&&Windows客户端一键激活脚本

spring-core-rce

CVE-2022-22965 : about spring core rce

HCMendetool

HCM宏景加解密工具

CVE-2022-24112

CVE-2022-24112：Apache APISIX apisix/batch-requests RCE

CVE-2021-42342

CVE-2021-42342 RCE

CVE-2022-40127

Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC

burpsuite_pro_for_mac

A script to easily activate the macOS version of Burp Suite Professional [Free]

thinkphp_lang_RCE

about thinkphp lang RCE QVD-2022-46174 v6.0.1 <= Thinkphp <= v6.0.13 Thinkphp v5.0.x Thinkphp v5.1.x

ShellcodeLoader

该项目为Shellocde加载器，详细介绍了我们如何绕过防病毒软件，以及该工具如何使用

CVE-2022-24086

CVE-2022-24086 about Magento RCE

CrossC2

来自 gloxec 的 CrossC2 frameworkfork 备份 2.0版本

CVE-2023-28432

CVE-2023-28434 nuclei templates

CVE-2024-36401

Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit

CVE-2022-21371

Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion

CVE-2021-43798

CVE-2021-43798:Grafana 任意文件读取漏洞

CVE-2024-32113

Apache OFBIZ Path traversal leading to RCE POC[CVE-2024-32113 & CVE-2024-36104]

Joker

一款基于Http.sys的利用工具 ZhuriLab/Joker 备份

CVE-2022-25064

k3_packages_backup

k3的固件和插件备份仓库，Mac下解决音乐解锁插件证书到期，升级ssr-plus和v2ray版本,以及xray

CVE-2023-23333

SolarView Compact through 6.00 downloader.php commands injection (RCE) nuclei-templates

infohunter

pentester payload ,info hunte

check_proxy

Multi-threaded socks proxy checker written in Go!

Onekey-Open-BT-panel-ssl-with-domain

宝塔(bt.cn)面板开启域名登录并且使用域名证书,解决浏览器信任证书问题,强迫症福音@_@

Kill_zsxq_Watermark

清除知识星球水印（包括文章、首页、topic等部分）

CVE-2024-36991

Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows

CNVD_Modify

适用于CNVD的篡改猴（Tampermonkey、Greasemonkey）脚本

CVE-2021-26855-d

CVE-2022-3328

CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973

Mr-xn

Kali-install-docker

Docker-ce Install script for Kali

zhihuishu

2018新版智慧树视频自动播放刷课chrome插件

modify_freebuf_pic

支持t00ls.com文章图片放大&去除 freebuf.com 的文章部分的图片末尾追加的 !small ，让图片直接显示最佳尺寸而不是缩小版的，不需要点击放大查看，方便查看文章。

hysteria_mac.sh

hysteria shell script for Mac

CVE-2023-43482

TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability

sqli-scripts

Scripts that make SQL injection faster, more convenient, and easier

TG

server-bash-script

some useful server bash script

scrapy_douban_top250movie

Use Python Scrapy crawl douban.com/top250

seniverse_location

seniverse api location code

bt770back