layout | title |
---|---|
post | xss cheat sheet |
# xss-cheat-sheet
# Basic XSS
HTML Context - Simple Tag Injection
- /.s3cfg
- /phpunit.xml
- /nginx.conf
- /.vimrc
- /LICENSE.md
- /yarn.lock
- /Gulpfile
- /Gulpfile.js
- /composer.json
- /.npmignore
I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.
If you're looking for bugs legally through a program like HackerOne, or you're a programmer wanting to write secure PHP: this might be useful to you.
```tmux
# 0 is too far from ` ;)
set -g base-index 1
# Automatically set window title
set-window-option -g automatic-rename on
set-option -g set-titles on
#set -g default-terminal screen-256color
set -g status-keys vi
set -g history-limit 10000
```
```zshrc
#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████
#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███
# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀
#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███
# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███
#▄███▀ ███ ███ ███ ▀███████████ ███ █▄
#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███
#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀
# ███ ███
```
MITRE ATT&CK - T1132 - Data Encoding

Base64 Code | Mnemonic Aid | Decoded* | Description |
---|---|---|---|
JAB | 🗣 Jabber | $. | Variable declaration (UTF-16) |
TVq | 📺 Television | MZ | MZ header |
UEs | 🏬 Upper East Side | PK | ZIP, Office documents |
SUVY | 🚙 SUV | IEX | PowerShell Invoke Expression |
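The mnemonics in the table work because the first Base64 characters are a pure function of the first input bytes. The following Python is an added example (not code from the page or from MITRE) that derives those prefixes from the leading bytes, then uses the same leading bytes to flag encoded blobs in constructed sample log lines. The `MAGICS` table, the `B64_TOKEN` regex and the sample lines are assumptions made for this example.

```python
import base64
import re

# Leading bytes and labels taken from the table above. The "$" entry is the
# UTF-16LE form used by PowerShell's -EncodedCommand, which is why it encodes to "JAB".
MAGICS = {
    b"MZ": "MZ header",
    b"PK": "ZIP, Office documents",
    b"IEX": "PowerShell Invoke Expression",
    "$".encode("utf-16-le"): "Variable declaration (UTF-16)",
}

# Runs of at least 16 Base64 characters, optionally followed by '=' padding (assumed threshold).
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def b64_prefix(leading):
    """Return the Base64 characters fully determined by the bytes in `leading`.

    8*n input bits fill floor(8n/6) complete 6-bit groups; the next character
    also depends on bits of the byte that follows, so it is not reported.
    """
    full = (8 * len(leading)) // 6
    return base64.b64encode(leading).decode("ascii")[:full]


def decode_lenient(token):
    """Decode a Base64 token whose '=' padding may have been stripped."""
    token = token.rstrip("=")
    return base64.b64decode(token + "=" * (-len(token) % 4))


def classify(raw):
    """Map the first bytes of a decoded blob to a label from MAGICS, or None."""
    for magic, label in MAGICS.items():
        if raw.startswith(magic):
            return label
    return None


def scan_line(line):
    """Return (first four Base64 chars, label) for each recognised blob on a line."""
    hits = []
    for match in B64_TOKEN.finditer(line):
        token = match.group(0)
        try:
            raw = decode_lenient(token)
        except ValueError:  # binascii.Error is a subclass of ValueError
            continue
        label = classify(raw)
        if label is not None:
            hits.append((token[:4], label))
    return hits


# Constructed sample log lines for this example (not real telemetry).
SAMPLE_LINES = [
    "proc: powershell.exe -EncodedCommand "
    + base64.b64encode("$a=1;IEX $a".encode("utf-16-le")).decode("ascii"),
    "upload: name=invoice.txt data="
    + base64.b64encode(b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff").decode("ascii"),
    "http: session=" + base64.b64encode(b"plain session cookie value").decode("ascii"),
]

if __name__ == "__main__":
    for magic in MAGICS:
        print(f"{magic!r:24} -> {b64_prefix(magic)}")
    for line in SAMPLE_LINES:
        print(scan_line(line), line[:60])
```

Two bytes fix only the first two Base64 characters (`MZ` gives `TV`); the third character of the table's mnemonics also depends on the top two bits of the byte that follows, which is why `TVq`, `UEs` and `JAB` still hold for the common continuations (`MZ\x90`, `PK\x03`, and a UTF-16LE ASCII letter after `$`). Extend `MAGICS` with your own leading bytes and `b64_prefix` tells you which characters a search pattern can safely rely on.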
```python
import requests
import sys
import json

def waybackurls(host, with_subs):
    # Query the Wayback Machine CDX API; the first JSON row is the column header
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
    r = requests.get(url, timeout=30)
    r.raise_for_status()
    return [row[0] for row in r.json()[1:]]

if __name__ == '__main__':
    host, with_subs = sys.argv[1], '--subs' in sys.argv[2:]
    print(json.dumps(waybackurls(host, with_subs), indent=2))
```
```python
import sys
def to_octets(ip):
    return [int(i) for i in ip.split('.')]

def dotless_decimal(ip):
    # Fold the four octets into one 32-bit integer (e.g. 127.0.0.1 -> 2130706433)
    octets = to_octets(ip)
    result = octets[0] * 16777216 + octets[1] * 65536 + octets[2] * 256 + octets[3]
    return result

if __name__ == '__main__':
    print(dotless_decimal(sys.argv[1]))
```