Exploits and POCs


About this repository

This folder contains a compilation of exploits and POCs from various online sources.

About each file:

- Apache-Struts-Exploit:

Apache Struts CVE-2018-11776 Exploit written in Python. Get RCE in one click.

- Rohan's CORS Exploit:

HTML Exploit for Cross-Origin Resource Sharing where ALL origins are allowed.

- Rohan's CORS POC Null origin allowed:

HTML Exploit for Cross-Origin Resource Sharing where NULL origins are allowed.

- XML-to-XSS.xml:

XML file upload leading to Cross-Site Scripting. If the attack is successful, you will see a pop-up box containing: "Alert by Rohan's XML-to-XSS File!".

- SWF-to-XSS.swf:

Shockwave Flash file upload leading to Cross-Site Scripting.

- BMP-to-XSS.bmp:

Bitmap file upload leading to Cross-Site Scripting.

- dos-using-xml.xml:

XML External Entity Injection attack leading to a DoS attack. Billion Laughs attack exploit.

- rohan-exif-poc.jpg:

EXIF Geolocation coordinates POC leading to Personal Information Leakage.

- rohan-pixel-flood-attack-poc.jpg:

A large number of pixels is loaded into memory, leading to a DoS attack. Pixel Flood attack exploit.

- svg-to-xss.svg:

SVG File Upload leading to Cross-Site Scripting. If the attack is successful, you will see a pop-up box containing: "This is the alert box by Rohan's SVG file.".

- svg-to-xxe-linux.svg:

SVG File Upload leading to XML External Entity Attack. This file is for Unix-based systems as it includes the /etc/passwd file. If the attack is successful, you will see the contents of /etc/passwd.

- svg-to-xxe-windows.svg:

SVG File Upload leading to XML External Entity Attack. This file is for Windows-based systems as it includes the /c:/boot.ini file. If the attack is successful, you will see the contents of /c:/boot.ini.

- gif-to-xss.gif:

GIF File Upload leading to Cross-Site Scripting.

Credits go to the respective authors.

Happy Hacking! :heart: