godkiller

A repository containing zero-day vulnerabilities and proof-of-concepts (PoCs) of undisclosed CVEs discovered during penetration testing or my security research

This repository is constantly updating

PoCs:

CVE-2022-1970: Keycloak Oauth2 Account Takeover via Open Redirect: https://github.com/j4k0m/godkiller/tree/main/CVE-2022-1970_account_takeover_poc
CVE-2020-11431: i-net Clear Reports 16.0 to 19.2 Local file read: https://github.com/j4k0m/godkiller/tree/main/CVE-2020-11431_arbitrary_file_read_poc
CVE-2023-30019: Error-Based SSRF in imgproxy: https://github.com/j4k0m/godkiller/tree/main/CVE-2023-30019_ssrf_imgproxy
I-net Clear Reports XSS: https://github.com/j4k0m/godkiller/tree/main/i-net_clear_reports_xss
CVE-2020-27838: Keycloak Unauthorized retrieval of client secret: https://github.com/j4k0m/godkiller/tree/main/CVE-2020-27838_poc
Open Redirect in keycloak in /logout endpoint: https://github.com/j4k0m/godkiller/tree/main/keycloak_openredirect_logout
ArcGis Blind-SSRF: https://github.com/j4k0m/godkiller/tree/main/arcgis_blind_ssrf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

godkiller

This repository is constantly updating

PoCs:

About

Releases

Packages

Name		Name	Last commit message	Last commit date
Latest commit History 27 Commits
CVE-2020-11431_arbitrary_file_read_poc		CVE-2020-11431_arbitrary_file_read_poc
CVE-2020-27838_poc		CVE-2020-27838_poc
CVE-2022-1970_account_takeover_poc		CVE-2022-1970_account_takeover_poc
CVE-2023-30019_ssrf_imgproxy		CVE-2023-30019_ssrf_imgproxy
arcgis_blind_ssrf		arcgis_blind_ssrf
i-net_clear_reports_xss		i-net_clear_reports_xss
keycloak_openredirect_logout		keycloak_openredirect_logout
README.md		README.md

j4k0m/godkiller

Folders and files

Latest commit

History

Repository files navigation

godkiller

This repository is constantly updating

PoCs:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages