pompompurins
Top 10 Web Application Security Risks

A1:2017-Exposed JS File (EJF): Having a .js file exposed. This vulnerability would allow an attacker to exploit your webshell and upload a reverse shell onto the website. An example of this vulnerability in the wild can be seen here: https://doxbin.org/legacy/jquery.min.js

A2:2017-Exposed Login Page: Login page being accessible to the public. This should never be the case, as someone could log in using it.

A3:2017-Having Subdomains: Many web applications might have subdomains (e.g. login.example.com, cdn.example.com). This is a vulnerability because it allows an attacker to visit your subdomains. An attacker could then possibly find a login page, which is another vulnerability.

A4:2017-Error Pages Enabled (EPE): Any type of error page (403, 404, 429) is con

pompompurins / anti-xss.php
Created August 9, 2021 23:29
ANTI-XSS FILTER TO STOP XSS ATTACKS
<?php
// Blocklist-style "filter": flags the input as an XSS attempt if it contains
// any character from a fixed set of punctuation. Returns true when blocked.
function anti_xss($string)
{
    $xssdetected = false;
    if (preg_match('/[\'\/~`\!@#\$%\^&\*\(\)_\-\+=\{\}\[\]\|;:"\<\>,\.\?\\\]/', $string)) {
        $error = "special characters not allowed!";
        echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>';
        $xssdetected = true;
    }
    return $xssdetected;
}
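A character blocklist like the one in anti-xss.php refuses legitimate input (any name with an apostrophe, any e-mail address) and still says nothing about the context the value is rendered in. The example below is added here and is not part of the gist: it contrasts that approach with encoding at the point of output, which is the actual XSS defence. The sample inputs and the helper names render_html_text and safe_href are constructed for illustration.

```php
<?php
// Added example (not from the gist). Shows why rejecting punctuation is the
// wrong tool for XSS and what context-aware output encoding looks like.

// Constructed sample inputs: two are legitimate, two are payloads.
$inputs = [
    "O'Brien",                    // legitimate; a blocklist on "'" rejects it
    "alice@example.com",          // legitimate; a blocklist on "@" and "." rejects it
    "<script>alert(1)</script>",  // classic HTML-context payload
    "javascript:alert(1)",        // only dangerous when placed in an href
];

// HTML text / attribute context: escape at output time, reject nothing.
// ENT_QUOTES covers both quote styles so the value is safe inside attributes
// as well as element text; ENT_SUBSTITUTE avoids returning "" on bad UTF-8.
function render_html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// URL attribute context: encoding alone is not enough, because
// htmlspecialchars() leaves "javascript:alert(1)" untouched. Allow-list the
// scheme first, then encode. Scheme-less (relative) URLs are also refused
// here; widen the check if your application needs them.
function safe_href(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return '#';
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

foreach ($inputs as $value) {
    printf("input     : %s\n", $value);
    printf("as text   : <p>%s</p>\n", render_html_text($value));
    printf("as href   : <a href=\"%s\">link</a>\n\n", safe_href($value));
}
```

Run with `php example.php`. The two legitimate inputs render unchanged as text, the script tag comes out as inert `&lt;script&gt;` text, and the `javascript:` value is only neutralised in the link case by the scheme allow-list, not by the encoding. That last row is the point: the right defence depends on where the value lands, which a blanket character filter cannot know.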
### Keybase proof
I hereby claim:
* I am pompompurins on github.
* I am pompompurin (https://keybase.io/pompompurin) on keybase.
* I have a public key ASCApMN6EecoxLJ2Nhmu-cHA_PA3kvOniymMvYwUfKwxpwo
To claim this, I am signing this object: