KR. Laboratories krlabs
🇺🇦
krlabs
/ exifxss.py
Created
October 6, 2024 15:39
— forked from hash3liZer/exifxss.py
Embedding XSS payloads in the Exif Metadata fields of and image
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import subprocess | |
| exifs = [ | |
| "ImageDescription", | |
| "Make", | |
| "Model", | |
| "Software", | |
| "Artist", | |
| "Copyright", |
krlabs
/ wpms-smtp-disable-ssl-verify.php
Created
October 1, 2022 18:30
— forked from slaFFik/wpms-smtp-disable-ssl-verify.php
WP Mail SMTP: when using SMTP mailer - disable SSL verify on PHP 5.6+
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| add_filter('wp_mail_smtp_custom_options', function( $phpmailer ) { | |
| $phpmailer->SMTPOptions = array( | |
| 'ssl' => array( | |
| 'verify_peer' => false, | |
| 'verify_peer_name' => false, | |
| 'allow_self_signed' => true | |
| ) | |
| ); |
krlabs
/ wordpress_content_injection.py
Created
August 25, 2022 16:37
— forked from budanthara/wordpress_content_injection.py
Wordpress content injection exploit by snoww0lf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| """ | |
| Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html | |
| REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post | |
| Wordpress Version Affected: 4.7.0/4.7.1 | |
| 2017 - Coded by snoww0lf. | |
| """ | |
| import re |
krlabs
/ htaccess-php-malware-protection.txt
Created
January 27, 2022 14:45
— forked from r3code/htaccess-php-malware-protection.txt
.htaccess правила для предотвращения исполнения вредоносных PHP-скриптов
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Блокировка XSS | |
| RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] | |
| # Блокируем выставление переменной PHP GLOBALS через URL | |
| RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] | |
| # Блокируем возможность изменять переменную _REQUEST через URL | |
| RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) | |
| # Блокировка MySQL инъекций, RFI, base64, и др. | |
| RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR] | |
| RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR] |