Fady Othman fadyosman
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var payloads = ["javascript://", "javascript::", "JavaScript:", "javajavascript:script:"]; | |
| function doit(x, index) {setTimeout(function() {location.hash = "#" + x}, 1000 * index)} | |
| payloads.forEach(doit); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Try it a : http://ec2-54-242-83-247.compute-1.amazonaws.com/?id=asd | |
| if(preg_match("/^[a-zA-Z0-9]+$/",$_REQUEST['id'])) { | |
| echo "You entered: ".$_GET['id']; | |
| } else { | |
| echo "Sorry only alphanumeric characters are allowed."; | |
| } |
fadyosman
/ challenge2_url.txt
Created
November 13, 2022 17:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://ec2-54-242-83-247.compute-1.amazonaws.com/?id=asd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <script> | |
| function filter(F) { | |
| F = unescape(F).replace(/\n/g, "").replace(/\r/g, "").replace(/\t/g, "").replace(/javascript:/ig, '').replace(/&/g, '&').replace(/</g, '<').replace(/"/g, '"'); | |
| return F; | |
| } | |
| function locationHashChanged(e) { | |
| var F = location.hash.substring(1); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>JS monitor function demo</title> | |
| <script src="main.js"></script> | |
| </head> | |
| <body> | |
| <button onclick="add(1,2);">Call Add</button><br/> | |
| <button onclick='makeRequest({"name":"test","url":"https://www.google.com/"});'>Call makeRequest</button><br /> | |
| <button onclick="first()">Read location.hash</button> | |
| </body> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <head> | |
| <title>Jquery XSS Example</title> | |
| <script src="https://code.jquery.com/jquery-3.6.1.min.js" | |
| integrity="sha256-o88AwQnZB+VDvE9tvIXrMQaPlFFSUTR+nldQm1LuPXQ=" crossorigin="anonymous"></script> | |
| <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" | |
| integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script> | |
| <script> | |
| function init() { | |
| $("#datepicker").datepicker({ altField: "dangerous if your input reaches here" }); | |
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title> | |
| Devtools : initiators | |
| </title> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js" | |
| integrity="sha512-aVKKRRi/Q/YV+4mjoKBsE4x3H+BkegoM/em46NNlCqNTmUYADjBbeNefNxYV7giUp0VxICtqdrbqU7iVaeZNXA==" | |
| crossorigin="anonymous" referrerpolicy="no-referrer"></script> | |
| </head> |
fadyosman
/ zapcrawl.py
Created
May 2, 2020 18:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import requests | |
| if len(sys.argv) < 3: | |
| print("Usage : python3 zapcrawl.py urls.txt ZAP_API_KEY") | |
| exit(0) | |
| urlsfile = open(sys.argv[1], 'r') | |
| urls = urlsfile.readlines() | |
| api_key = sys.argv[2] |
fadyosman
/ sqlserver2008NativeClientLink
Created
April 26, 2017 11:58
Sqlserver2008 Native Client Direct Link
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://download.microsoft.com/download/B/6/3/B63CAC7F-44BB-41FA-92A3-CBF71360F022/1033/x64/sqlncli.msi |