Vulnerabilities you may miss during penetration testing.

godkiller

A repository containing zero-day vulnerabilities and proof-of-concepts (PoCs) of undisclosed CVEs discovered during penetration testing or my security research.

This repository is constantly updated.

PoCs:

  • CVE-2022-1970: Keycloak OAuth2 Account Takeover via Open Redirect: https://github.com/j4k0m/godkiller/tree/main/CVE-2022-1970_account_takeover_poc
  • CVE-2020-11431: i-net Clear Reports 16.0 to 19.2 Local file read: https://github.com/j4k0m/godkiller/tree/main/CVE-2020-11431_arbitrary_file_read_poc
  • CVE-2023-30019: Error-Based SSRF in imgproxy: https://github.com/j4k0m/godkiller/tree/main/CVE-2023-30019_ssrf_imgproxy
  • i-net Clear Reports XSS: https://github.com/j4k0m/godkiller/tree/main/i-net_clear_reports_xss
  • CVE-2020-27838: Keycloak Unauthorized retrieval of client secret: https://github.com/j4k0m/godkiller/tree/main/CVE-2020-27838_poc
  • Open Redirect in Keycloak in /logout endpoint: https://github.com/j4k0m/godkiller/tree/main/keycloak_openredirect_logout
  • ArcGIS Blind-SSRF: https://github.com/j4k0m/godkiller/tree/main/arcgis_blind_ssrf