
<h1>this is not ritzcarlton.com</h1>

I was trying to exploit a client-side prototype pollution and nothing was working.

I figured out that if you try to use a script gadget by visiting a URL like this directly:

https://example.com/#&__proto__[context]=<img/src/onerror%3dalert(1)>&__proto__[jquery]=x

it will not work, because the page will not load properly as the prototype pollution will break the page.

this is a text file
aaa
aaaa
bbb
cccc
sddd
{
"sampleJSONProperty":"sample JSON value",
"sampleJSONProperty2":"sample JSON value2"
}
@harisec
harisec / exploit_path_traversals_in_Java_webapps.txt
Created April 27, 2020 10:24
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
so, you can read WEB-INF/web.xml. how can you escalate this issue?
[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.
use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
over time you can build your own wordlist by adding the files you've discovered.
use Burp Intruder for this, it's perfect for this job.
sort Intruder results by status code so you can see instantly which files were found.
database.yml
database.yml_original
database.yml~
database.yml.pgsql
database.yml.sqlite3
config/database.yml
config/database.yml_original
config/database.yml~
config/database.yml.pgsql
config/database.yml.sqlite3
@harisec
harisec / linkfilter.txt
Created October 15, 2019 06:03
filter links
An idea for a tool.
So, going through Wayback archive we get thousands of links like the ones below.
It's the same path and different values for GET parameters.
A very useful tool would filter these using this algo:
- for each link, parse the link with a URL parser:
- create a hash from: hostname + path + (parameter names (without values) sorted).
- save the hash in an array
- for the next links, compute the hash
- if the hash is in the array, ignore the link
connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://smdhdsnappytv-vh.akamaihd.net https://smpdhdsnappytv-vh.akamaihd.net https://smmdhdsnappytv-vh.akamaihd.net https://rmdhdsnappytv-vh.akamaihd.net https://rmpdhdsnappytv-vh.akamaihd.net https://rmmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ;
default-src 'self';
form-action 'self' https://twitter.com https://*.twitter.com;
font-src 'self' https://*.twimg.com;
frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.