CVE-2021-40346 integer overflow enables http smuggling

Last update: Nov 15, 2022

Overview

CVE-2021-40346-POC

CVE-2021-40346 integer overflow enables http smuggling

Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

整数溢出导致的http请求走私

Build

git clone https://github.com/donky16/CVE-2021-40346-POC.git
cd CVE-2021-40346-POC 
docker-compose build 
docker-compose up -d

Exploit

Owner

donky16

GitHub Repository

Script checks provided domains for log4j vulnerability

log4j Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single do

2 Dec 12, 2021

Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell

16 Nov 09, 2022

LdapRelayScan - Check for LDAP protections regarding the relay of NTLM authentication

LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections r

315 Dec 18, 2022

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

3.5k Jan 09, 2023

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage: python ProxyLogon.py --host=exchang

112 Dec 01, 2022

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

10.1k Jan 09, 2023

Script Crack Facebook Yang Kaya Akan Teh Hijau 🚶‍♂

r-mbf Script Crack Facebook 🚶‍♂ Bukti Recode [•] Install Script $ pkg update && pkg upgrade $ pkg install python $ pkg install git $ pip install requ

3 Apr 02, 2022

Template for new OSINT command-line tools

OSINT cli tool skeleton Template for new OSINT command-line tools. Press button "Use this template" to generate your own tool repository. See INSTALL.

36 Dec 20, 2022

Laravel RCE (CVE-2021-3129)

CVE-2021-3129 - Laravel RCE About The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability. This script allows you to wri

21 Dec 27, 2022

Receive notifications/alerts on the most recent disclosed CVE's.

Receive notifications on the most recent disclosed CVE's.

7 Nov 24, 2022

web指纹识别工具

前言一直苦于没有用的顺手的web指纹识别工具，学习前辈s7ckTeam的Glass和broken5的WebAliveScan优秀开源程序开发的轻量型web指纹工具。

966 Dec 26, 2022

MozDef: Mozilla Enterprise Defense Platform

MozDef: Documentation: https://mozdef.readthedocs.org/en/latest/ Give MozDef a Try in AWS: The following button will launch the Mozilla Enterprise Def

2.2k Jan 08, 2023

Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

evil-stalker How to run First of all, you must install the necessary libraries.

6 Nov 16, 2022

MassStringer, CTF Flag Finder

massStringer MassStringer, CTF Flag Finder Usage: python3 massStringer.py Enter absolute path of the directory to scan for flags Edit "flag = re.searc

4 Sep 06, 2022

Python APK Reverser & Patcher Tool

DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (

10 Oct 31, 2022

The Multi-Tool Web Vulnerability Scanner.

🟥 RapidScan v1.2 - The Multi-Tool Web Vulnerability Scanner RapidScan has been ported to Python3 i.e. v1.2. The Python2.7 codebase is available on v1

1.3k Dec 31, 2022

This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

6 Dec 24, 2022

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

IDA2Obj IDA2Obj is a tool to implement SBI (Static Binary Instrumentation). The working flow is simple: Dump object files (COFF) directly from one exe

94 Dec 13, 2022

Confluence OGNL injection

CVE-2021-26084 Confluence OGNL injection CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Conflue

15 Sep 23, 2022

A set of blender assets created for the $yb NFT project.

fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on

1 May 06, 2022

CVE-2021-40346 integer overflow enables http smuggling

Related tags

Overview

CVE-2021-40346-POC

Build

Exploit

Owner

donky16

Script checks provided domains for log4j vulnerability

Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

LdapRelayScan - Check for LDAP protections regarding the relay of NTLM authentication

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Script Crack Facebook Yang Kaya Akan Teh Hijau 🚶‍♂

Template for new OSINT command-line tools

Laravel RCE (CVE-2021-3129)

Receive notifications/alerts on the most recent disclosed CVE's.

web指纹识别工具

MozDef: Mozilla Enterprise Defense Platform

Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

MassStringer, CTF Flag Finder

Python APK Reverser & Patcher Tool

The Multi-Tool Web Vulnerability Scanner.

This is tools hacking for scan vuln in port web, happy using

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

Confluence OGNL injection

A set of blender assets created for the $yb NFT project.