mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
GitBook: [master] one page and one asset modified
parent
b486b9fee1
commit
c8d10583c4
BIN
.gitbook/assets/image (472).png
Normal file
Binary file not shown.
After Width: | Height: | Size: 59 KiB |
|
@ -83,6 +83,16 @@ in JSON
|
|||
/?search=admin' && this.password && this.password.match(/^duvj78i3u$/)%00 Found
|
||||
```
|
||||
|
||||
### PHP Arbitrary Function Execution
|
||||
|
||||
Using the **$func** operator of the [MongoLite](https://github.com/agentejo/cockpit/tree/0.11.1/lib/MongoLite) library \(used by default\) it might be possible to execute and arbitrary function as in [this report](https://swarm.ptsecurity.com/rce-cockpit-cms/).
|
||||
|
||||
```python
|
||||
"user":{"$func": "var_dump"}
|
||||
```
|
||||
|
||||
![](../.gitbook/assets/image%20%28472%29.png)
|
||||
|
||||
## Blind NoSQL
|
||||
|
||||
```python
|
||||
|
|
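Review bot: In the paragraph added under "### PHP Arbitrary Function Execution", "execute and arbitrary function" should read "execute an arbitrary function", and "(used by default)" does not say what uses MongoLite by default. The link points into the cockpit repository, so naming Cockpit CMS in the sentence would make the scope of the technique clear. The example `"user":{"$func": "var_dump"}` is a JSON fragment, so its fence should be tagged `json` rather than `python`. The parentheses are backslash-escaped (`\(used by default\)`), which is unnecessary in Markdown. The image is added with empty alt text; a short description of what the screenshot shows would help readers when the asset does not load.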