In no particular order, below are various resources used in studying/reviewing..
ashbyca
/ ip-context-menu.xml
Created
December 30, 2019 11:22
ashbyca
/ web-cheatsheet.md
Last active
February 22, 2021 16:51
Description A Stored Cross-Site Scripting (XSS) vulnerability occurs when a web application sends stored strings that were provided by an attacker to a victim's browser in such a way that the browser executes part of the string as code. The string contains malicious data and is initially stored server-side, often in the application's database.
Steps To Reproduce:
- Log in to the application.
- Navigate to the necessary URL found from Automated tool
- Navigate to the section identified as vulnerable
- Enter any of the below mentioned payloads in the "various form/other input fields and also fill in any mandatory fields.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| System Setup | |
| # Install Python PIP and Dependencies | |
| sudo apt-get install python3-dev python3-pip python3-setuptools libyaml-dev wget libreadline7 libreadline-dev git python-dnspython python-mechanize python-slowaes python-xlsxwriter python-jsonrpclib python-lxml lsb-release figlet update-motd libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev -y | |
| # Setup and configure Dynamic MOTD | |
| # Remove the current directory | |
| sudo rm -r /etc/update-motd.d/ | |
| # Create new directory |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"searchproviders":[["-1","DuckDuck Go","https://duckduckgo.com/?q=TESTSEARCH",true,false,7,false,"",false,""],["-1","Twitter Term","https://twitter.com/search?f=realtime&q=TESTSEARCH&src=typd",true,false,7,false,"",false,""],["-1","Google Safe Browsing","http://www.google.com/safebrowsing/diagnostic?site=TESTSEARCH",true,false,3,false,"",false,""],["-1","RIPE","https://stat.ripe.net/TESTSEARCH#tabId=at-a-glance",true,false,3,false,"",false,""],["-1","ARIN","https://search.arin.net/rdap/?query=TESTSEARCH",true,false,3,false,"",false,""],["-1","Domain Tools","https://whois.domaintools.com/TESTSEARCH",true,false,3,false,"",false,""],["-1","AlienVault OTX Domain","https://otx.alienvault.com/indicator/domain/TESTSEARCH",true,false,2,false,"",false,""],["-1","VirusTotal Domain Info","https://www.virustotal.com/en/domain/%s/information/",true,false,2,false,"",false,""],["-1","WhoIS DNS Info","http://who.is/whois/TESTSEARCH",true,false,2,false,"",false,""],["-1","McAfee TI","http://www.mcafee.com/threat-intelligence |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Edit this file to introduce tasks to be run by cron. | |
| # | |
| # Each task to run has to be defined through a single line | |
| # indicating with different fields when the task will be run | |
| # and what command to run for the task | |
| # | |
| # To define the time you can provide concrete values for | |
| # minute (m), hour (h), day of month (dom), month (mon), | |
| # and day of week (dow) or use '*' in these fields (for 'any').# | |
| # Notice that tasks will be started based on the cron's system |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # 10-sysinfo - generate the system information | |
| # Copyright (c) 2013 Nick Charlton | |
| # | |
| # Authors: Nick Charlton <hello@nickcharlton.net> | |
| # | |
| # This program is free software; you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation; either version 2 of the License, or |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # 00-header - create the header of the MOTD | |
| # Copyright (c) 2013 Nick Charlton | |
| # Copyright (c) 2009-2010 Canonical Ltd. | |
| # | |
| # Authors: Nick Charlton <hello@nickcharlton.net> | |
| # Dustin Kirkland <kirkland@canonical.com> | |
| # | |
| # This program is free software; you can redistribute it and/or modify |
ashbyca
/ Keybase.md
Created
March 25, 2015 19:31
I hereby claim:
- I am ashbyca on github.
- I am ashby (https://keybase.io/ashby) on keybase.
- I have a public key whose fingerprint is B966 BDF6 C4FE DDCF BE6B 6F93 AD9B DB92 3F8C 42BD
To claim this, I am signing this object: