dpkg -s libxml2-dev
#output
Package: libxml2-dev
Status: install ok installed
Multi-Arch: same
Priority: optional
Sam Sanoop snoopysecurity
snoopysecurity
/ libxml2_XXE.md
Created
April 13, 2020 09:22
— forked from k3mlol/libxml2_XXE.md
libxml2 XXE vuln
snoopysecurity
/ 1266386.md
Created
May 30, 2020 17:55
— forked from cure53/1266386.md
OTF+SVG allows to read info character by character with only a STYLE injection through XEE & timing
Mozilla Firefox supports a feature that allows to define SVG images inside an OTF font to represent characters. This is useful if we for example want to work with colorful characters, Emoji, animated characters and so on. Firefox is currently the only relevant browser supporting this technology.
The general technology and its advantages are described here:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <img alt="<x" title="/><img src=url404 onerror=xss(0)>"> | |
| <img alt=" | |
| <x" title="/> | |
| <img src=url404 onerror=xss(1)>"> | |
| <style><style/><img src=url404 onerror=xss(2)> | |
| <xmp><xmp/><img src=url404 onerror=xss(3)> |
snoopysecurity
/ attacks-xml.php
Created
June 21, 2020 19:37
— forked from hakre/attacks-xml.php
PHP DOMDocument/libxml billion laughs / quadratic blowup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @link http://stackoverflow.com/q/10212752/367456 | |
| * @link http://msdn.microsoft.com/en-us/magazine/ee335713.aspx | |
| */ | |
| $file = 'billion-laughs-2.xml'; | |
| $file = 'quadratic-blowup-2.xml'; | |
| printf("Mem: %s (Peak: %s)\n", number_format(memory_get_usage(), 0, '', ' '), number_format(memory_get_peak_usage(), 0, '', ' ')); |
snoopysecurity
/ php_xxe_tester.php
Created
June 21, 2020 19:37
— forked from lukaskuzmiak/php_xxe_tester.php
PHP XXE tester
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Extended tester from ezimuel (https://gist.github.com/ezimuel/9135151) | |
| // The libxml entity loader is disabled by default | |
| // even setting the libxml_disable_entity_loader to false doesn't works! | |
| // | |
| // @see http://uk3.php.net/manual/en/function.libxml-disable-entity-loader.php | |
| // @see http://stackoverflow.com/a/10213239 | |
| // @see https://stackoverflow.com/questions/24117700 | |
| $dir = __DIR__; |
snoopysecurity
/ BurpSuiteSSLPassTrough.json
Created
June 25, 2020 23:18
— forked from vsec7/BurpSuiteSSLPassTrough.json
Filter out the noise
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "proxy":{ | |
| "ssl_pass_through":{ | |
| "automatically_add_entries_on_client_ssl_negotiation_failure":false, | |
| "rules":[ | |
| { | |
| "enabled":true, | |
| "host":".*\\.google\\.com", | |
| "protocol":"any" | |
| }, |
snoopysecurity
/ writing-eslint-rule.md
Created
November 10, 2020 21:36
— forked from sindresorhus/writing-eslint-rule.md
Gettings started writing a ESLint rule
First, take a look at the ESLint rule documentation. Just skim it for now. It's very long and boring. You can come back to it later.
ESLint rules works on the AST (Abstract Syntax Tree) representation of the code. In short, this is a tree structure that describes the code in a very verbose form. ESLint walks this tree and rules can subscribe to be notified when it hits a specific node type, like a Literal type, which could be the "hello" part of const welcome = "hello";.
Go ahead and play around with some code in AST Explorer (Make sure the parser is espree). It's a great tool!
Here are some good articles on the subject (ignore the scaffolding parts):
snoopysecurity
/ subdomains_h1.txt
Created
November 14, 2020 23:03
— forked from caioluders/subdomains_h1.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $$ | |
| $Any$ | |
| $shop$ | |
| $your-shop$ | |
| %20%44omain%20%3d | |
| %2f%2f%2fbing | |
| %60x | |
| %domain% | |
| %user% | |
| %your_domain% |
snoopysecurity
/ parameters_h1.txt
Created
November 14, 2020 23:03
— forked from caioluders/parameters_h1.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - | |
| . | |
| .. | |
| ... | |
| .... | |
| .AMRU | |
| .json | |
| .onion | |
| .txt | |
| 0 |
snoopysecurity
/ paths_h1.txt
Created
November 14, 2020 23:03
— forked from caioluders/paths_h1.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-Cookie=test=test | |
| "--><svg | |
| "><script>prompt("exr")< | |
| $ | |
| $1 | |
| $a | |
| $account_id | |
| $code |
OlderNewer