Skip to content

Instantly share code, notes, and snippets.

View namhikelo's full-sized avatar
😀
Hello

Phan Hoang Nam namhikelo

😀
Hello
17 followers · 35 following
View GitHub Profile
@namhikelo
namhikelo / CVE-2025-55752.md
Created November 2, 2025 14:24 — forked from N3mes1s/CVE-2025-55752.md
Apache Tomcat Rewrite Valve Relative Path Traversal (GHSA-wmwf-9ccg-fff5 / CVE-2025-55752)

Apache Tomcat Rewrite Valve Relative Path Traversal (GHSA-wmwf-9ccg-fff5 / CVE-2025-55752)

Date: 2025-10-28

1. Executive Summary

We reproduced the relative path traversal vulnerability affecting Apache Tomcat versions 8.5.6–8.5.100, 9.0.0.M11–9.0.108, 10.1.0-M1–10.1.44, and 11.0.0-M1–11.0.10. The issue arises when RewriteValve rules incorporate user-controlled query parameters into rewritten URLs. Tomcat normalises the rewritten URI before decoding it, permitting encoded ../ sequences to slip past security constraints. During our assessment we:

  • Deployed a vulnerable Tomcat 9.0.108 instance with a rewrite rule representative of the affected applications.
  • Confirmed that an encoded traversal payload (path=%2FWEB-INF%2Fweb.xml) retrieves protected resources (HTTP 200) that should be inaccessible.
@namhikelo
namhikelo / vmware.md
Created April 22, 2025 08:02 — forked from JHarrison712/vmware.md
VMware ESXI 8 / VCSA 8 license key 2023

VMware ESXi 16/VCSA 8

Added in 2022

ESXi 16

  • 4F40H-4ML1K-M89U0-0C2N4-1AKL4

VCSA

  • 0F41K-0MJ4H-M88U1-0C3N0-0A214

2023 Keys

ESXi 8

  • VYLWZ-ZHZPX-D1WAT-FAJTN-YLQ9X
@namhikelo
namhikelo / LPIC-101 400-1
Created December 27, 2024 00:32 — forked from ntwobike/LPIC-101 400-1
Sample questions for LPIC -101-400 part-1
QUESTION 1
Which SysV init configuration file should be modified to disable the ctrl-alt-delete key combination?
A. /etc/keys
B. /proc/keys
C. /etc/inittab
D. /proc/inittab
E. /etc/reboot
QUESTION 2
Which of the following information is stored within the BIOS? (Choose TWO correct answers.)
@namhikelo
namhikelo / mysql57-in-centos7.md
Created August 20, 2024 22:16 — forked from linuxkathirvel/mysql57-in-centos7.md
Install MySQL 5.7 in CentOS7/RHEL7

MySQL 5.7 installation in CentOS 7

sudo su

# Remove MariaDB packages
yum list installed | grep -i maria
yum remove mariadb.x86_64
yum remove mariadb-libs.x86_64

# Download MySQL 5.7 RPM tar
@namhikelo
namhikelo / http.conf
Last active November 20, 2023 11:14
Config SSL for event CTFd
worker_processes 4;
events {
worker_connections 1024;
}
http {
# Configuration containing list of application servers
@namhikelo
namhikelo / install.sh
Created October 10, 2023 18:10
Install LUA in nginx
# ROOT
if [ "$EUID" -ne 0 ]; then
echo "RUN AS ROOT ^^!"
exit 1
fi
# Update
sudo apt update
# Pakage requirement
@namhikelo
namhikelo / SSL-nginx-Docker.md
Created May 19, 2023 14:01 — forked from dahlsailrunner/SSL-nginx-Docker.md
SSL with Docker images using nginx as reverse proxy

Docker with SSL and an nginx reverse proxy

Running your ASP.NET Core (or other) application in Docker using SSL should not be an overwhelming task. These steps should do the trick.

Run the following steps from a Linux terminal (I used WSL or WSL2 on Windows from the Windows Terminal).

1. Create a conf file with information about the cert you'll be creating

It should look something like the content below; call it my-site.conf or something like that.