POCs For Various Exploits and Vulnerabilities

This document provides proofs of concept (POCs) for various exploits and vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), insecure direct object references (IDOR), unrestricted file upload (UFU), local file inclusion (LFI), deserialization, race conditions, brute force attacks, SQL injection, and privilege escalation. It lists specific bug bounty reports and vulnerabilities that demonstrate each type of exploit.

Uploaded by

Akhilesh Gokhale

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

338 views2 pages

POCs For Various Exploits and Vulnerabilities

Uploaded by

Akhilesh Gokhale

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

POCs for various exploits and

vulnerabilities
POC for XSS:
Cross site scripting (XSS) is a common attack vector that injects malicious code into a
vulnerable web application.
● AirBnb Bug Bounty: Turning Self-XSS into Good
● Google XSS Turkey
● How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)
● Uber XSS via Cookie

POC for RCE

Remote Code Evaluation is a vulnerability that can be exploited if user input is injected into a
File or a String and executed (evaluated) by the programming language's parser.
● PayPal Inc Bug Bounty #114 - JDWP RCE Vulnerability
● How I Hacked Facebook, and Found Someone's Backdoor Script
● JetBrains IDE Remote Code Execution and Local File Disclosure

POC for IDOR:

Insecure direct object references (IDOR) are a type of access control vulnerability that arises
when an application uses user-supplied input to access objects directly.
● Change any Uber user's password through /rt/users/passwordless-signup - Account
Takeover (critical)
● DOB disclosed using “Facebook Graph API Reverse Engineering
● Change the description of a video without publish_actions permission
● View liked tweets of private account via publish.twitter.com
● Facebook Vulnerability - Delete Any Video on Facebook

POC for UFU:

Unrestricted File Upload (UFU) is a vulnerability that exploits bugs in content-ltering checks in
a server-side web application
● Unrestricted File Upload to RCE | Bug Bounty POC

POC for LFI:

Local File Inclusion generally occurs when an application is trying to get some information from
a particular server where the inputs for getting a particular file location are not treated as a
trusted source.
● Reading local files from Facebook's server (fixed)
POC for Deserialization:
Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of
an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it
being deserialized.
● Remote Code Execution Vulnerability
● Instagram's Million Dollar Bug
● EXPLOITING JAVA DESERIALIZATION VIA JBOSS

POC for Race Condition:

A race condition attack happens when a computing system that's designed to handle tasks in a
specific sequence is forced to perform two or more operations simultaneously
● Race conditions on Facebook, DigitalOcean and others (fixed)

POC for brute force:

A brute force attack (also known as brute force cracking) is the cyberattack equivalent of trying
every key on your key ring, and eventually finding the right one.
● InstaBrute: Two Ways To Brute-Force Instagram Account Credentials
● How I Could Compromise 4% (Locked) Instagram Accounts

POC for SQL:

SQL injection is a code injection technique, used to attack data-driven applications, in which
malicious SQL statements are inserted into an entry field for execution.
● GitHub Enterprise SQL Injection
● Yahoo – Root Access SQL Injection

POC for Privilege Escalation:

Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration
error in an application or operating system to gain elevated access to resources that should
normally be unavailable to that user.
● Exploiting SMBGhost (CVE-2020-0796) for a Local Privilege Escalation: Writeup + POC

CBBH Exam Tips
No ratings yet
CBBH Exam Tips
1 page
EJPTv2 Examen Cheatsheet - Pdf.es - en
100% (1)
EJPTv2 Examen Cheatsheet - Pdf.es - en
29 pages
Bug Bounty Blueprint A Beginners Guide
No ratings yet
Bug Bounty Blueprint A Beginners Guide
34 pages
Demo Pentest Report 1709741204
No ratings yet
Demo Pentest Report 1709741204
19 pages
HTTP Request Splitting
No ratings yet
HTTP Request Splitting
68 pages
Schenck Process Manual
80% (5)
Schenck Process Manual
2 pages
Active Directory Exploitation Cheat Sheet: Share
100% (1)
Active Directory Exploitation Cheat Sheet: Share
14 pages
SEC542 CTF Draft Presentation
No ratings yet
SEC542 CTF Draft Presentation
7 pages
2007 Mopar Accessories Jeep
No ratings yet
2007 Mopar Accessories Jeep
119 pages
Lectures Problems
No ratings yet
Lectures Problems
53 pages
Bug Bounty Tips - Tricks
No ratings yet
Bug Bounty Tips - Tricks
101 pages
Attacking Authentication Mechanisms - @CyberFreeCourses
No ratings yet
Attacking Authentication Mechanisms - @CyberFreeCourses
78 pages
God Level Cyber Resources
No ratings yet
God Level Cyber Resources
16 pages
Bug Bounty Course LEAK 2023
No ratings yet
Bug Bounty Course LEAK 2023
1 page
Mis Fallos en Ejptv2.PDF - Es.en
No ratings yet
Mis Fallos en Ejptv2.PDF - Es.en
6 pages
Bug Hunting
No ratings yet
Bug Hunting
2 pages
EJPT Notes 2022 PDF
No ratings yet
EJPT Notes 2022 PDF
9 pages
Week 3 - SQL Injection
No ratings yet
Week 3 - SQL Injection
17 pages
Android Pentest Course - 231111 - 234710
No ratings yet
Android Pentest Course - 231111 - 234710
7 pages
Bug Bounty Advanced Course
No ratings yet
Bug Bounty Advanced Course
3 pages
@FsKnockouT-23. Web Attacks
No ratings yet
@FsKnockouT-23. Web Attacks
57 pages
Agile HTB
100% (1)
Agile HTB
22 pages
Pentesting Cheatsheet2
No ratings yet
Pentesting Cheatsheet2
64 pages
Bug Bounty
No ratings yet
Bug Bounty
3 pages
XSS Validator
No ratings yet
XSS Validator
17 pages
Udemy - Web Pentesting Course Slides
100% (1)
Udemy - Web Pentesting Course Slides
103 pages
Zion: 1.1 Vulnhub Walkthrough: Penetration Testing Methodology
No ratings yet
Zion: 1.1 Vulnhub Walkthrough: Penetration Testing Methodology
15 pages
Hack2Secure Web Application Security Testing Courses
No ratings yet
Hack2Secure Web Application Security Testing Courses
5 pages
Guide To SSRF
No ratings yet
Guide To SSRF
6 pages
Penetration Testing With Kali Linux (Pen 200) - 90 Days
0% (1)
Penetration Testing With Kali Linux (Pen 200) - 90 Days
4 pages
Host Pentes
No ratings yet
Host Pentes
4 pages
Exam Report Csa
No ratings yet
Exam Report Csa
13 pages
OffSec SOC-200 (OSDA)
No ratings yet
OffSec SOC-200 (OSDA)
7 pages
Advanced SQL Injection
No ratings yet
Advanced SQL Injection
28 pages
How To Brute Force HTTP Forms in Windows by Silly Chicken
No ratings yet
How To Brute Force HTTP Forms in Windows by Silly Chicken
3 pages
HTB - Academy
No ratings yet
HTB - Academy
16 pages
OSWA OS XXXXXX Exam Report
100% (1)
OSWA OS XXXXXX Exam Report
17 pages
Lainkusanagi OSCP Like
No ratings yet
Lainkusanagi OSCP Like
14 pages
Penetration Report DC 2
No ratings yet
Penetration Report DC 2
10 pages
Sample Report
No ratings yet
Sample Report
11 pages
Exploit Labs Short
No ratings yet
Exploit Labs Short
17 pages
Pwnable Writeup
100% (1)
Pwnable Writeup
110 pages
Mobile Application Security and Penetration Testing: Syllabus
No ratings yet
Mobile Application Security and Penetration Testing: Syllabus
14 pages
DNSRecon
No ratings yet
DNSRecon
15 pages
BSCP Tracker
No ratings yet
BSCP Tracker
207 pages
Oscp Technical Guide
No ratings yet
Oscp Technical Guide
42 pages
Nagoya Proving Grounds Practice Walkthrough Medium PDF
No ratings yet
Nagoya Proving Grounds Practice Walkthrough Medium PDF
20 pages
Sample Pentest Resume
100% (1)
Sample Pentest Resume
3 pages
WsCube Tech - Penetration Testing (WS-PEN) Course
100% (1)
WsCube Tech - Penetration Testing (WS-PEN) Course
6 pages
Web 200 Syllabus
No ratings yet
Web 200 Syllabus
11 pages
Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape
No ratings yet
Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape
8 pages
Ocsa - Offenso Certified Security Analyst-2
No ratings yet
Ocsa - Offenso Certified Security Analyst-2
11 pages
OSED Exam Report
No ratings yet
OSED Exam Report
5 pages
Brute Force Attack - OWASP
No ratings yet
Brute Force Attack - OWASP
4 pages
OWASP - WebGoat - Introduction To XSS
No ratings yet
OWASP - WebGoat - Introduction To XSS
11 pages
© 2020 Caendra Inc. - Hera For Waptxv2 - XML Injection Labs
No ratings yet
© 2020 Caendra Inc. - Hera For Waptxv2 - XML Injection Labs
10 pages
Advanced Cross Site Scripting: and CSRF
No ratings yet
Advanced Cross Site Scripting: and CSRF
42 pages
Penetration Testing Commands
No ratings yet
Penetration Testing Commands
22 pages
Bug Bounty Hunting Tips 1641110966
100% (1)
Bug Bounty Hunting Tips 1641110966
11 pages
30 Days of Practice PenTest 2
No ratings yet
30 Days of Practice PenTest 2
4 pages
Security Testing Report: Snakerr
No ratings yet
Security Testing Report: Snakerr
37 pages
Offensive Recon //for// Bug Bounty Hunters: By: Harsh Bothra
No ratings yet
Offensive Recon //for// Bug Bounty Hunters: By: Harsh Bothra
18 pages
File Upload, Traversal
No ratings yet
File Upload, Traversal
20 pages
Company Profile
No ratings yet
Company Profile
113 pages
One Click - Migration From Google Workspace To Zoho Mail
No ratings yet
One Click - Migration From Google Workspace To Zoho Mail
14 pages
Cognizant Training Facility
No ratings yet
Cognizant Training Facility
1 page
Lifts & Escalators
No ratings yet
Lifts & Escalators
37 pages
Datasheet-Of DS-7108HGHI-M1 V4.70.160 20220628 PDF
No ratings yet
Datasheet-Of DS-7108HGHI-M1 V4.70.160 20220628 PDF
4 pages
Eg001 Op GLN 00 3031 B01
No ratings yet
Eg001 Op GLN 00 3031 B01
9 pages
Submersible Pump Cables
No ratings yet
Submersible Pump Cables
6 pages
GTP Attack Types
No ratings yet
GTP Attack Types
5 pages
Inb20009 Assignment 1
No ratings yet
Inb20009 Assignment 1
22 pages
Wireless Networks With RF Energy Harvesting: A Contemporary Survey
No ratings yet
Wireless Networks With RF Energy Harvesting: A Contemporary Survey
34 pages
New IFS Academy Civil Online Course & Fees Structure
No ratings yet
New IFS Academy Civil Online Course & Fees Structure
4 pages
Jgny-9lpdqj R3 en PDF
No ratings yet
Jgny-9lpdqj R3 en PDF
33 pages
Škoda Kodiaq: Product Guide
No ratings yet
Škoda Kodiaq: Product Guide
13 pages
(Ebooks PDF) Download AI Reality and Illusion (MEAP) Akli Adjaoute Full Chapters
No ratings yet
(Ebooks PDF) Download AI Reality and Illusion (MEAP) Akli Adjaoute Full Chapters
49 pages
Door Guard
100% (1)
Door Guard
2 pages
HPE LCD 8500 1U Console User Guide-C04569797
No ratings yet
HPE LCD 8500 1U Console User Guide-C04569797
24 pages
The Secret To High Performance Crystal Radios
100% (5)
The Secret To High Performance Crystal Radios
30 pages
What Is The PCB Hole Density
No ratings yet
What Is The PCB Hole Density
7 pages
Dozer 750
No ratings yet
Dozer 750
2 pages
JIRA Quick Guide 0.2
No ratings yet
JIRA Quick Guide 0.2
10 pages
Embedded System
No ratings yet
Embedded System
11 pages
System Design Document
No ratings yet
System Design Document
3 pages
Lesson 3 - Design Principles
No ratings yet
Lesson 3 - Design Principles
36 pages
MM UNIT 3b 2021
No ratings yet
MM UNIT 3b 2021
78 pages
Live Project On Digital India
No ratings yet
Live Project On Digital India
12 pages
Machine Structure
No ratings yet
Machine Structure
8 pages
ADV 8102r6
No ratings yet
ADV 8102r6
2 pages

POCs For Various Exploits and Vulnerabilities

Uploaded by

POCs For Various Exploits and Vulnerabilities

Uploaded by

POCs for various exploits and

POC for RCE

POC for IDOR:

POC for UFU:

POC for LFI:

POC for Race Condition:

POC for brute force:

POC for SQL:

POC for Privilege Escalation:

You might also like