Skip to content

Instantly share code, notes, and snippets.

View aravindkumarsvg's full-sized avatar

Aravind Kumar SVG aravindkumarsvg

4 followers · 2 following
View GitHub Profile
@aravindkumarsvg
aravindkumarsvg / http_method_spoofing_checklist.md
Created August 15, 2025 15:48
HTTP Method Spoofing Checklist

HTTP Method Spoofing Cheatsheet

Overview

HTTP Method Spoofing is when a client sends a request that appears to be a safe or allowed HTTP method (POST, GET), but actually instructs the server-side framework to treat it as a different method (PUT, PATCH, DELETE) via a hidden parameter or HTTP header.

Purpose:

  • Originally added to support RESTful routes when HTML forms only supported GET and POST.
  • Can be abused if access control is weak.
@aravindkumarsvg
aravindkumarsvg / unicode_js_obfuscation.md
Last active August 19, 2025 16:01
Javascript obfuscation

Writing JavaScript Entirely with Unicode (Escapes & Homoglyphs)

JavaScript can technically be written using only Unicode escape sequences or Unicode homoglyphs. This makes code valid to the JS engine but unreadable or misleading to humans. It is often used in obfuscation, XSS payloads, or supply chain attacks.

1. Unicode Escapes in Identifiers

@aravindkumarsvg
aravindkumarsvg / svg_animate_cheatsheet.md
Created August 18, 2025 19:01
SVG animate SIML XSS cheatsheet

📌 SVG <animate> Cheat Sheet for XSS Payloads

🔹 What is <animate>?

  • The <animate> element in SVG is used to animate attributes of another SVG element.
  • Host element = the element whose attribute is being animated.
    • If <animate> has no href, the parent element becomes the host.
    • If <animate href="#id"> is present, the host = the element with that ID.
@aravindkumarsvg
aravindkumarsvg / html_quirks_cheatsheet.md
Last active September 16, 2025 12:24
HTML Quirks and XSS Cheat Sheet

🛠️ HTML Quirks and XSS Cheat Sheet

A reference of quirks, behaviors, and security-relevant properties in HTML5 + SVG, useful for penetration testing, payload crafting, and filter bypass research.

HTML Elements Parsing quirks - link mXSS CheatSheet

@aravindkumarsvg
aravindkumarsvg / xml_cheatsheet.md
Last active August 19, 2025 08:14
XML Cheatsheet

XML Ecosystem: Cheatsheet & Quirks

This document provides a high-level overview of major XML technologies. It's designed for developers who need a quick refresher on core concepts, common quirks, and practical examples.

1. XML (eXtensible Markup Language)

The foundation. A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

Core Concepts

@aravindkumarsvg
aravindkumarsvg / uri_schemes-quirks.md
Last active September 14, 2025 18:00
URI Schemes Quirks

📑 URI Schemes & Quirks Cheatsheet (for VAPT)

This cheatsheet summarizes URI schemes, their quirks, encoding tricks, and abuse potential.
Useful for a VAPT engineer’s quick recall.

1. Common Dangerous URI Schemes

| Scheme | Example | Quirks / Abuse Potential |

@aravindkumarsvg
aravindkumarsvg / javascript_quirks.md
Last active August 19, 2025 19:08
Javascript quirks

JavaScript Quirks Cheatsheet

This document collects quirks, odd behaviors, and security-relevant details in JavaScript useful for VAPT engineers.

1. Regex vs Division Ambiguity

throw/1/;
@aravindkumarsvg
aravindkumarsvg / llm_vapt_cheatsheet.md
Created August 23, 2025 20:05
LLM VAPT Cheatsheet

LLM Security & VAPT Cheatsheet

APIs

Concept

APIs allow external applications or services to interact with the LLM, usually through REST or GraphQL endpoints.