virusdefender
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active June 17, 2024 04:09
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

var CryptoJS = require('crypto-js')
var request = require('request-promise')
/*
* npm install crypto-js request-promise request
* node wx_t1t_hack.js
*/
// export function testEncription(msg, fullKey) {
// var fullKey = fullKey.slice(0, 16)
anonymous
anonymous / memMITM.cpp
Created December 19, 2017 00:23
SSL MITM PoC - Hook sspicli!EncryptMessage
#define SECURITY_WIN32 //Define First Before Imports.
#include <windows.h>
#include <stdio.h>
#include <Sspi.h> //Be sure to reference secur32.lib in Linker | Input | Additional Dependencies
FARPROC fpEncryptMessage; //Pointer To The Original Location
BYTE bSavedByte; //Saved Byte Overwritten by 0xCC -
@sumanmukherjee03
sumanmukherjee03 / cipher_encryption_decryption.go
Last active May 5, 2021 11:27
AES GCM example in python and go
package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
"reflect"
"strconv"
"time"
)
@peey
peey / _config.yml
Last active October 19, 2023 12:14
Jekyll plugin for parsing of custom variables in permalinks
# will substitute :author with the variable author in your file (also works with defaults).
permalink: /:author/:slug/
# You need to have this extra permalink_custom_vars array to tell the plugin which substitutions to make
permalink_custom_vars: ['author']
# Note that you don't have to include the supported variables in this list as jekyll takes care of that
# For a complete list of variables jekyll supports, see: https://jekyllrb.com/docs/permalinks/#template-variables
@codref
codref / go-ssh-reverse-tunnel.go
Last active October 23, 2023 13:32
Go SSH reverse tunnel implementation (SSH -R)
/*
Go-Language implementation of an SSH Reverse Tunnel, the equivalent of below SSH command:
ssh -R 8080:127.0.0.1:8080 operatore@146.148.22.123
which opens a tunnel between the two endpoints and permits exchanging information in this direction:
server:8080 -----> client:8080
@KatiRG
KatiRG / flask_gunicorn_app.py
Last active January 22, 2024 06:00
Running Flask with Gunicorn
# This gist shows how to integrate Flask into a
# custom Gunicorn-WSGI application described
# here: http://docs.gunicorn.org/en/stable/custom.html
from __future__ import unicode_literals
import multiprocessing
import gunicorn.app.base
@MightyPork
MightyPork / usb_hid_keys.h
Last active July 28, 2024 03:48
USB HID Keyboard scan codes
/**
* USB HID Keyboard scan codes as per USB spec 1.11
* plus some additional codes
*
* Created by MightyPork, 2016
* Public domain
*
* Adapted from:
* https://source.android.com/devices/input/keyboard-devices.html
*/
@vszakats
vszakats / codesign.sh
Last active May 9, 2024 10:23
Code-signing PE executables using OpenSSL, osslsigncode (and more)
#!/bin/sh
# To the extent possible under law, Viktor Szakats
# has waived all copyright and related or neighboring rights to this
# script.
# CC0 - https://creativecommons.org/publicdomain/zero/1.0/
# SPDX-License-Identifier: CC0-1.0
# shellcheck disable=SC3040,SC2039
set -o errexit -o nounset; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o pipefail
@cure53
cure53 / scriptlet.md
Last active February 1, 2024 19:33
The Scriptless Scriptlet - Or how to execute JavaScript from CSS in MSIE11 without using Scripts

The Scriptless Scriptlet

Or how to execute JavaScript from CSS in MSIE11 without using Scripts

Stop! This text is only interesting for you if you...

  • Like popping alerts in weird situations
  • Miss CSS expressions as much as we do
  • Have an unhealthy obsession for markup porn

Introduction