Skip to content

Instantly share code, notes, and snippets.

View hussein98d's full-sized avatar

hussein98d

84 followers · 0 following
  • @javascript:alert(1)
  • xdjavascript:alert(1)
View GitHub Profile
@hussein98d
hussein98d / xd."><img src=x onerror=prompt(1);>
Created September 19, 2016 23:42
"><img src=x onerror=prompt(1);>
@hussein98d
hussein98d / subs.esd
Last active November 11, 2020 08:58
blabla
This file has been truncated, but you can view the full file.
# 通用规则
## 单字母,比如s.feei.cn
{letter}
## 单字母+单数字,比如s1.feei.cn
{letter}{number}
## 双字母,比如sd.feei.cn
{letter}{letter}
@hussein98d
hussein98d / ssrf.sh
Created May 7, 2020 02:09
This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callbak"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
echo >&2 "ERROR: Domain not set"
exit 2
fi
if [ -z "$2" ]; then
echo >&2 "ERROR: Sever link not set"
exit 2
@hussein98d
hussein98d / x.json
Created December 4, 2021 05:34
{"swagger":"2.0","info":{"description":"This is a sample server Petstore server. You can find out more about Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/). For this sample, you can use the api key `special-key` to test the authorization filters.","version":"1.0.0","title":"Swagger Petstore","termsOfService":"http://swagger.io/terms/","contact":{"email":"[email protected]"},"license":{"name":"Apache 2.0","url":"http://www.apache.org/licenses/LICENSE-2.0.html"}},"host":"localhost:4567","basePath":"/v2","tags":[{"name":"pet","description":"Everything about your Pets","externalDocs":{"description":"Find out more","url":"http://swagger.io"}},{"name":"store","description":"Access to Petstore orders"},{"name":"user","description":"Operations about user","externalDocs":{"description":"Find out more about our store","url":"http://swagger.io"}}],"schemes":["http"],"paths":{"/pet":{"post":{"tags":["pet"],"summary":"Add a new pet to the store","description
@hussein98d
hussein98d / test.json
Created May 20, 2022 08:39
{
"info": {
"_postman_id": "c65cb36c-c2a2-43d4-9113-c43d61b9a2cd",
"name": "Xfers API",
"description": "![Xfers Developer API Documentation](https://www.xfers.io/images/xfersLogo.png)\n\nWelcome to Xfers' API. \n\n# Integration Guides\n[Overview on integrating Xfers Wallet](javascript:alert()) \n[Xfers Connect Flow](https://www.lucidchart.com/publicSegments/view/017a4cda-6a5d-4013-ae4f-6daf81175157/image.png) \n[Top up Flow](https://www.lucidchart.com/publicSegments/view/c29b0c13-0573-44b4-91f6-fe489cfa964e/image.png) \n[Transactional Flow](https://www.lucidchart.com/publicSegments/view/23b4e3b6-dce1-4b98-a2aa-30fc8648db75/image.png) \n\n# Environments\n\nCountry \\ Environment | Sandbox | Production\n----------- | ------- | -----------\nIndonesia | https://sandbox-id.xfers.com/ | https://id.xfers.com/\nSingapore | https://sandbox.xfers.io/ | https://www.xfers.io/\n\nNotes:\n- Your platform will have separate API keys for each environment.\n- Data created or modified in each environment will not a