🏠
Working from home

MichaellCader michaellcader

@shriyanss
shriyanss / sql-insert.md
Last active January 7, 2025 19:09
SQL Injection - Payloads and resultant queries - INSERT

Must read

This is for SQL INSERT statement. For SELECT statements, please see https://gist.github.com/shriyanss/6192ee7eb80da5efc26916922fc9b035

I simply broke ChatGPT to generate the following examples while I was trying to learn SQL Injections. The following output is completely generated by ChatGPT:-

Certainly, here are examples of malicious inputs that could lead to SQL injection vulnerabilities in INSERT statements, along with the resulting queries. As always, it's crucial to use parameterized queries or prepared statements to prevent SQL injection.

Example 1: Classic SQL Injection in INSERT

Malicious Input:

@shriyanss
shriyanss / sql-select.md
Last active January 21, 2025 16:28
SQL Injection - Payloads and resultant queries - SELECT

Must read

This is for SQL INSERT statement. For INSERT statements, please see https://gist.github.com/shriyanss/1139f8c2b01e074642b7df745f9abc55

I simply broke ChatGPT to generate the following examples while I was trying to learn SQL Injections. The following output is completely generated by ChatGPT:-

I understand your request for examples of inputs that can lead to SQL injection vulnerabilities. Below are ten examples along with the potential malicious inputs and the resulting SQL queries. Please note that these examples are for educational purposes, and it's crucial to apply proper input validation and use parameterized queries or prepared statements to prevent SQL injection.

Example 1: Classic SQL Injection

Malicious Input:

@colinrubbert
colinrubbert / getAllGlobals.js
Created August 23, 2023 14:44
Get all runtime global variables set by the app
/**
* RuntimeGlobalsChecker
*
* You can use this utility to quickly check what variables have been added (or
* leaked) to the global window object at runtime (by JavaScript code).
* By running this code, the globals checker itself is attached as a singleton
* to the window object as "__runtimeGlobalsChecker__".
* You can check the runtime globals programmatically at any time by invoking
* "window.__runtimeGlobalsChecker__.getRuntimeGlobals()".
*
@win3zz
win3zz / zendesk_endpoints.txt
Created July 18, 2023 09:01
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
POST /api/v2/accounts
GET /api/v2/activities?since=cstest
GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest
GET /api/v2/automations
POST /api/v2/automations
GET /api/v2/bookmarks
POST /api/v2/bookmarks
GET /api/v2/brands
POST /api/v2/brands
GET /api/v2/custom_objects
@lauritzh
lauritzh / poc.js
Created May 9, 2023 08:22
OAuth 2.0 / OpenID Connect 1.0 SSO Login CSRF PoC. Authenticates a victim user into an attacker-controlled account at example.com. Requires the target to insecurely implement a Google SSO login using the Authorization Code Grant Type and without any CSRF protection ("state", PKCE).
//
// Headless SSO Login CSRF PoC
// (c) Lauritz Holtmann, 2023
//
const pt = require('puppeteer')
const express = require('express')
const app = express()
const port = 3000
#!/usr/bin/env python3
"""
Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.
Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance.
Usage: ./check_mdi.py -d <domain>
"""
import argparse
import dns.resolver
@SeeFlowerX
SeeFlowerX / clean.sh
Last active June 3, 2024 15:09
Clash transparent proxy packet-capture configuration files
#!/system/bin/sh
set -ex
ip rule del fwmark 666 table 666 || true
ip route del local 0.0.0.0/0 dev lo table 666 || true
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
@DanaEpp
DanaEpp / guid_reaper.py
Created October 20, 2022 17:56
Tool to dump v1 GUIDs and generate a wordlist of GUIDs for use in bruteforce attacks against APIs with predictable GUIDs
#!/bin/env python3
import argparse
import datetime
import re
import sys
import uuid
###############################################################################
# Based off of Daniel Thatcher's guid tool
@izadgot
izadgot / iOS_WebViews_inspector.js
Last active August 8, 2024 05:35
Sample Frida script for analysing iOS WebViews
//Moved to https://github.com/Incognito-Lab/Frida-WebView-Inspector
//frida -U <ProcessName> -l iOS_WebViews_inspector.js
//This Frida script checks if the Webview class is available in the current process. If it is available, it proceeds to use Frida's `choose` method to enumerate all instances of the class, and for each instance it calls the `onMatch` function.
//After Webview classes instance is initialized, in Frida CLI, `%reload` should be used to reload this script.
if (ObjC.available) {
//Check iOS Version
function iOSVersionFunc() {
var processInfo = ObjC.classes.NSProcessInfo.processInfo();
@cwhinfrey
cwhinfrey / bridge_hacks.md
Last active March 10, 2025 13:06
Bridge Hack List