#Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
Aan aancw
🏠
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BEGIN_KITTY_THEME | |
| # Catppuccin-Frappe | |
| include current-theme.conf | |
| # END_KITTY_THEME | |
| # ========================= | |
| # Window / Appearance | |
| # ========================= | |
| background_opacity 1.0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function () { | |
| const UnverifiedCertError = Java.use('javax.net.ssl.SSLPeerUnverifiedException'); | |
| UnverifiedCertError.$init.implementation = function (str) { | |
| const stackTrace = Java.use('java.lang.Thread').currentThread().getStackTrace(); | |
| const exceptionStackIndex = stackTrace.findIndex(stack => | |
| stack.getClassName() === "javax.net.ssl.SSLPeerUnverifiedException" | |
| ); | |
| const callingFunctionStack = stackTrace[exceptionStackIndex + 1]; | |
| const className = callingFunctionStack.getClassName(); | |
| const methodName = callingFunctionStack.getMethodName(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function () { | |
| const UnverifiedCertError = Java.use('javax.net.ssl.SSLPeerUnverifiedException'); | |
| UnverifiedCertError.$init.implementation = function (str) { | |
| const stackTrace = Java.use('java.lang.Thread').currentThread().getStackTrace(); | |
| const exceptionStackIndex = stackTrace.findIndex(stack => | |
| stack.getClassName() === "javax.net.ssl.SSLPeerUnverifiedException" | |
| ); | |
| const callingFunctionStack = stackTrace[exceptionStackIndex + 1]; | |
| const className = callingFunctionStack.getClassName(); | |
| const methodName = callingFunctionStack.getMethodName(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function () { | |
| const UnverifiedCertError = Java.use('javax.net.ssl.SSLPeerUnverifiedException'); | |
| UnverifiedCertError.$init.implementation = function (str) { | |
| const stackTrace = Java.use('java.lang.Thread').currentThread().getStackTrace(); | |
| const exceptionStackIndex = stackTrace.findIndex(stack => | |
| stack.getClassName() === "javax.net.ssl.SSLPeerUnverifiedException" | |
| ); | |
| const callingFunctionStack = stackTrace[exceptionStackIndex + 1]; |
aancw
/ obsidian-web-clipper.js
Created
August 20, 2022 09:24
— forked from kepano/obsidian-web-clipper.js
Obsidian Web Clipper Bookmarklet to save articles and pages from the web (for Safari, Chrome, Firefox, and mobile browsers)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: Promise.all([import('https://unpkg.com/turndown@6.0.0?module'), import('https://unpkg.com/@tehshrike/readability@0.2.0'), ]).then(async ([{ | |
| default: Turndown | |
| }, { | |
| default: Readability | |
| }]) => { | |
| /* Optional vault name */ | |
| const vault = ""; | |
| /* Optional folder name such as "Clippings/" */ |
aancw
/ debug_requests.py
Created
August 17, 2022 17:21
— forked from Daenyth/debug_requests.py
Enable debug logging for python requests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import logging | |
| import httplib | |
| # Debug logging | |
| httplib.HTTPConnection.debuglevel = 1 | |
| logging.basicConfig() | |
| logging.getLogger().setLevel(logging.DEBUG) | |
| req_log = logging.getLogger('requests.packages.urllib3') | |
| req_log.setLevel(logging.DEBUG) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert(document.cookie); |
aancw
/ angular.sandbox.escapes.md
Created
August 10, 2017 07:41
— forked from jeremybuis/angular.sandbox.escapes.md
Angular Sandbox Escape Cheatsheet
aancw
/ Silabus-Belajar-Javascript-Ubuntu-Indonesia.md
Last active
July 3, 2020 14:02
Silabus Belajar Javascript Ubuntu Indonesia
I hereby claim:
- I am aancw on github.
- I am petruknisme (https://keybase.io/petruknisme) on keybase.
- I have a public key ASDgxMWmzDxx7Wd869O6Iyzuf6yNaIz45Sn6SzFqj3m4VQo
To claim this, I am signing this object:
NewerOlder