I swear there was an XSS somewhere around here...

EdOverflow EdOverflow

@EdOverflow
EdOverflow / code_snippets.md
Last active March 3, 2018 17:51
Ed's code snippets.

Ed's code snippets

@EdOverflow
EdOverflow / blockstack
Last active September 28, 2019 16:14
Verifying my Blockstack ID is secured with the address 1C7SnTWig9cr3cuPhAeC4BoMhA4yejXC8m https://explorer.blockstack.org/address/1C7SnTWig9cr3cuPhAeC4BoMhA4yejXC8m
/http://example.com
/%5cexample.com
/%2f%2fexample.com
/example.com/%2f%2e%2e
/http:/example.com
/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com

Keybase proof

I hereby claim:

  • I am edoverflow on github.
  • I am edoverflow (https://keybase.io/edoverflow) on keybase.
  • I have a public key ASDfEwD4wuFwxlxKl77DZju1xcWdKUSV3sFDCdK16rW3Tgo

To claim this, I am signing this object:

@EdOverflow
EdOverflow / broken_link_hijacking.md
Last active May 30, 2023 18:31
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
@EdOverflow
EdOverflow / github_onplatform.md
Last active August 27, 2020 10:22
My basic workflow when using GitHub for recon purposes.

On-platform GitHub Reconnaissance

Note: Please keep in mind that none of this works if you are not signed in to GitHub.

When searching for issues related to a target I often like to quickly look up their GitHub organization on Google.

So let's say Gratipay says nothing about being open source. A quick Google "Gratipay GitHub" should return Gratipay's org page on GitHub.

Then from there I am going to check which repos actually belong to the org and which are forked. You can do this by selecting the Type: dropdown on the right-hand side of the page.