Skip to content

Instantly share code, notes, and snippets.

View EdOverflow's full-sized avatar
I swear there was an XSS somewhere around here...

EdOverflow EdOverflow

I swear there was an XSS somewhere around here...
3.2k followers · 22 following
View GitHub Profile
@EdOverflow
EdOverflow / keybase.md
Created October 20, 2017 14:31

Keybase proof

I hereby claim:

  • I am edoverflow on github.
  • I am edoverflow (https://keybase.io/edoverflow) on keybase.
  • I have a public key ASDfEwD4wuFwxlxKl77DZju1xcWdKUSV3sFDCdK16rW3Tgo

To claim this, I am signing this object:

@EdOverflow
EdOverflow / htmli_2_xss.txt
Created January 20, 2018 20:36
<style>body{margin:0}.overlay{position:fixed;top:0;left:0;z-index:999;height:100vh;width:100vw;background:rgba(0,0,0,0.5)}.alert{width:300px;padding:0 20px 0 0px;position:absolute;top:50%;left:50%;transform:translate(-50%, -50%);background:#fff}.alert p{color:#000 !important;padding:45px;text-align:center;font-family:sans-serif}.ok{background:#eee;width:100%;height:30px;padding:10px 10px}.ok button{float:right;padding:0 25px;margin-right:5px}</style><div class="overlay"><div class="alert"><p>1</p><div class="ok"><button>OK</button></div></div></div>
@EdOverflow
EdOverflow / secured_domains.txt
Created February 2, 2018 20:20
www.nulloy.com
geoway.xyz
electriceel.xyz
cheriandcherie.com
ysm.life
yetanothergamestudio.com
woholer.info
wnereiz.net
webdevroom.net
waitlist.live
@EdOverflow
EdOverflow / code_snippets.md
Last active March 3, 2018 17:51
Ed's code snippets.

Ed's code snippets

@EdOverflow
EdOverflow / H1-Report-ID-Bookmark
Created March 3, 2018 17:57
Add this as a bookmark to quickly navigate to HackerOne reports with just the report ID.
javascript:var%20report=prompt("Report%20ID:","");window.location.href="https://hackerone.com/reports/"+report;
@EdOverflow
EdOverflow / blockstack.md
Created January 20, 2018 14:28
@EdOverflow
EdOverflow / bucket-disclose.sh
Created July 6, 2018 17:42 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@EdOverflow
EdOverflow / reddit.sh
Created April 28, 2018 20:04
Use reddit.com for recon purposes.
#!/bin/bash
# Variables
BOLD='\033[1m'
END='\033[0m'
# Queries
site_results=$(curl -Ls "https://www.reddit.com/search?q=site%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
url_results=$(curl -Ls "https://www.reddit.com/search?q=url%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
self_results=$(curl -Ls "https://www.reddit.com/search?q=selftext%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | grep "search-title")
@EdOverflow
EdOverflow / CTF_reversing_the_password.md
Last active April 20, 2019 22:23
My solutions to the "reversing the passwords" CTF by Jobert.

Capture the flag: reversing the passwords (Solutions)

Step 1 - Recovering the corrupted data

According to the doc, the following stream is corrupted:

7b 0a 20 a0 22 65 76 e5
6e 74 22 ba 20 22 70 e1
73 73 77 ef 72 64 5f e3
@EdOverflow
EdOverflow / _config.yml
Created May 18, 2019 09:38
include:
- .well-known