// Test driver for a hash-based input filter. Each entry is a variant spelling
// of the `javascript:` URL scheme, used to check whether a filter that strips
// that scheme copes with case changes, extra punctuation and nesting.
var payloads = [
  "javascript://",
  "javascript::",
  "JavaScript:",
  "javajavascript:script:",
];

/**
 * Schedule one payload to be written into location.hash.
 *
 * @param {string} x - payload text placed after the leading "#".
 * @param {number} index - position in the list; sets the delay to `index`
 *   seconds so the writes land one second apart instead of overwriting
 *   each other immediately.
 */
function doit(x, index) {
  var delayMs = 1000 * index;
  setTimeout(function () {
    // Presumably each write is meant to trigger the page's hash handling
    // in turn; the handler itself is not part of this snippet.
    location.hash = "#" + x;
  }, delayMs);
}

payloads.forEach(doit);
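<?php
// Try it at: http://ec2-54-242-83-247.compute-1.amazonaws.com/?id=asd
//
// Echo the `id` query parameter back, but only when it is purely alphanumeric.
//
// The value is read once, from a single source, and that same variable is
// both validated and printed. Validating one superglobal and printing another
// (for example checking $_REQUEST['id'] but echoing $_GET['id']) checks one
// value and outputs a different one whenever the two disagree, so the check
// no longer protects the echo.
$id = isset($_GET['id']) ? $_GET['id'] : null;

// is_string() rejects a missing parameter and array input (?id[]=...), which
// preg_match() cannot handle. \A ... \z anchor the whole string; a bare `$`
// would also match just before a trailing newline.
if (is_string($id) && preg_match('/\A[a-zA-Z0-9]+\z/', $id) === 1) {
    // Encode at the output boundary too, so the echo stays safe even if the
    // pattern above is loosened later.
    echo "You entered: " . htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
} else {
    echo "Sorry only alphanumeric characters are allowed.";
}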
http://ec2-54-242-83-247.compute-1.amazonaws.com/?id=asd |
<html> | |
<head> | |
<script> | |
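/**
 * Sanitise a string taken from the URL fragment before it is used by the page.
 *
 * Steps, in order:
 *   1. percent-decode the input;
 *   2. drop newline, carriage-return and tab characters;
 *   3. remove every occurrence of "javascript:" (any letter case), repeating
 *      until nothing is left to remove;
 *   4. HTML-encode `&`, `<` and `"`.
 *
 * NOTE(review): stripping a deny-listed scheme is a weak control. Wherever
 * the result ends up in a URL attribute, the sink should parse the value and
 * accept only an allow-list of schemes; the encoding in step 4 only covers
 * HTML text and double-quoted attribute values. The consumer of this
 * function is not visible here, so confirm which context applies.
 *
 * @param {string} F - raw (possibly percent-encoded) fragment text.
 * @returns {string} the filtered, HTML-encoded text.
 */
function filter(F) {
  // unescape() is deprecated but kept so that decoding behaves exactly as
  // before (it never throws on malformed escapes).
  var text = unescape(F).replace(/[\n\r\t]/g, "");

  // A single replace pass can be defeated by nesting: removing the inner
  // match of "javajavascript:script:" leaves "javascript:" behind. Repeat
  // until the string stops changing.
  var previous;
  do {
    previous = text;
    text = text.replace(/javascript:/gi, "");
  } while (text !== previous);

  // Encode the ampersand first so the entities added afterwards are not
  // double-encoded. The ampersand in each replacement is written as \x26 so
  // that HTML-aware tooling cannot decode the entity text back into the raw
  // character and turn these calls into no-ops.
  return text
    .replace(/&/g, "\x26amp;")
    .replace(/</g, "\x26lt;")
    .replace(/"/g, "\x26quot;");
}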
function locationHashChanged(e) { | |
var F = location.hash.substring(1); |
<html> | |
<head> | |
<title>JS monitor function demo</title> | |
<script src="main.js"></script> | |
</head> | |
<body> | |
<button onclick="add(1,2);">Call Add</button><br/> | |
<button onclick='makeRequest({"name":"test","url":"https://www.google.com/"});'>Call makeRequest</button><br /> | |
<button onclick="first()">Read location.hash</button> | |
</body> |
<head> | |
<title>Jquery XSS Example</title> | |
<script src="https://code.jquery.com/jquery-3.6.1.min.js" | |
integrity="sha256-o88AwQnZB+VDvE9tvIXrMQaPlFFSUTR+nldQm1LuPXQ=" crossorigin="anonymous"></script> | |
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" | |
integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script> | |
<script> | |
/**
 * Attach the jQuery UI datepicker widget to the #datepicker element.
 *
 * The altField value is a fixed placeholder string; the author uses it to
 * mark altField as the option that becomes dangerous when it carries
 * user-controlled input.
 *
 * NOTE(review): older jQuery UI releases hand altField to $(), so a string
 * containing markup may be parsed as HTML instead of being used as a
 * selector. Confirm against the jQuery UI version this page loads, and never
 * build this option from URL, form or storage data.
 */
function init() {
  var options = { altField: "dangerous if your input reaches here" };
  $("#datepicker").datepicker(options);
}
<html> | |
<head> | |
<title> | |
Devtools : initiators | |
</title> | |
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js" | |
integrity="sha512-aVKKRRi/Q/YV+4mjoKBsE4x3H+BkegoM/em46NNlCqNTmUYADjBbeNefNxYV7giUp0VxICtqdrbqU7iVaeZNXA==" | |
crossorigin="anonymous" referrerpolicy="no-referrer"></script> | |
</head> |
import sys | |
import requests | |
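# Both positional arguments are required: the URL list and the ZAP API key.
if len(sys.argv) < 3:
    print("Usage : python3 zapcrawl.py urls.txt ZAP_API_KEY")
    # A usage error is a failure; exit non-zero so wrappers and CI notice it.
    # sys.exit is used because the bare exit() helper is only injected by the
    # site module and is not guaranteed to exist.
    sys.exit(1)

# Read the target list. The context manager closes the handle as soon as the
# lines are loaded instead of leaving it open for the life of the process.
with open(sys.argv[1], 'r') as urlsfile:
    urls = urlsfile.readlines()

# NOTE(review): a secret passed on the command line is visible in shell
# history and in process listings on a shared host. Consider reading the key
# from an environment variable or a permission-restricted file instead.
api_key = sys.argv[2]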
http://download.microsoft.com/download/B/6/3/B63CAC7F-44BB-41FA-92A3-CBF71360F022/1033/x64/sqlncli.msi |