# Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
// Ported from Stefan Gustavson's java implementation
// http://staffwww.itn.liu.se/~stegu/simplexnoise/simplexnoise.pdf
// Read Stefan's excellent paper for details on how this code works.
//
// Sean McCullough banksean@gmail.com
/**
 * You can pass in a random number generator object if you like.
 * It is assumed to have a random() method.
 */
/*
---
name: guilloche
script: guilloche.js
description: guilloche
provides: [Guilloche]
...
*/
# On bash + Linux
# Show TCP sockstats every 5 seconds
$ while [ : ]; do echo -n `date`; echo -n ": "; cat /proc/net/sockstat | sed 'N;s/\n/ /;' | grep TCP; sleep 5; done
# Show netstat connection state counts every 5 seconds
$ while [ : ]; do echo -n `date`; echo -n ": "; netstat -n | awk '/^tcp/ {t[$NF]++}END{for(state in t){print state, t[state]} }' | tr '\n' ' '; echo ; sleep 5; done
# Show top 25 established IPs and their counts
$ lsof -n|grep TCP|grep ESTABLISHED|awk '{print $9}' |grep -e "->"|awk -F '->' '{print $2}'|awk -F ':' '{print $1}'|sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n|uniq -c|sort -rn|head -25
/* Save this file with a jsx extension and place in your
Illustrator/Presets/en_US/Scripts folder. You can then
access it from the File > Scripts menu */
var decimalPlaces = 3;
if (app.documents.length > 0) {
    if (app.activeDocument.selection.length < 1) {
        alert('Select a path');
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
#!/bin/bash
# Thanks to MattJ at:
# http://www.brassmill.net/2015/10/using-the-aws-cli-with-roles-security-token-service-and-mfa/
#
# User must have 'iam:GetUser' permission on themselves that doesn't require MFA
[ -z $1 ] && echo "Please enter your MFA code" && exit 1
user=$(aws iam get-user \
#!/bin/bash
# query.sh from BreachCompilation - magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3 | |
# works with older bash versions.
# patch by Willem <itsme@xs4all.nl>
dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
if [ "$1" != "" ]; then
    word1=$(echo $1 | tr A-Z a-z)
    letter1=$(echo $word1|cut -b1)
    if [[ $letter1 == [a-zA-Z0-9] ]]; then
Also see Pieter Noordhuis's original guide
You need: