fadyosman

<html>

<head>
    <script>
        function filter(F) {
            F = unescape(F).replace(/\n/g, "").replace(/\r/g, "").replace(/\t/g, "").replace(/javascript:/ig, '').replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;');
            return F;
        }
        function locationHashChanged(e) {
            var F = location.hash.substring(1);

fadyosman

<head>
    <title>Jquery XSS Example</title>
    <script src="https://code.jquery.com/jquery-3.6.1.min.js"
        integrity="sha256-o88AwQnZB+VDvE9tvIXrMQaPlFFSUTR+nldQm1LuPXQ=" crossorigin="anonymous"></script>
    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js"
        integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>
    <script>
        function init() {
            $("#datepicker").datepicker({ altField: "dangerous if your input reaches here" });
        };

fadyosman

<html>

<head>
	<title>
		Devtools : initiators
	</title>
	<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js"
		integrity="sha512-aVKKRRi/Q/YV+4mjoKBsE4x3H+BkegoM/em46NNlCqNTmUYADjBbeNefNxYV7giUp0VxICtqdrbqU7iVaeZNXA=="
		crossorigin="anonymous" referrerpolicy="no-referrer"></script>
</head>

RajChowdhury240

Java.perform(function() {

    var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
        "com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.koushikdutta.rommanager",
        "com.koushikdutta.rommanager.license", "com.dimonvideo.luckypatcher", "com.chelpus.lackypatch",
        "com.ramdroid.appquarantine", "com.ramdroid.appquarantinepro", "com.devadvance.rootcloak", "com.devadvance.rootcloakplus",
        "de.robv.android.xposed.installer", "com.saurik.substrate", "com.zachspong.temprootremovejb", "com.amphoras.hidemyroot",
        "com.amphoras.hidemyrootadfree", "com.formyhm.hiderootPremium", "com.formyhm.hideroot", "me.phh.superuser",
        "eu.chainfire.supersu.pro", "com.kingouser.com"
    ];

bugbountynights

${ctx:loginId}
${map:type}
${filename}
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}

nullenc0de

wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt

manoelt

import requests
from bbrf import BBRFClient as bbrf

API_USER = ''
API_KEY = ''
API_URL = 'https://api.hackerone.com/v1/hackers'


def get_programs(_next=None):
    endpoint = '/programs?page[size]=100'

tomnomnom

https://twitter.com/intigriti/status/1399317852788830211

[][`flat`][`constructor`]`alert(document.domain)```

`${e}` => [object HTMLProgressElement]
`${[]/[]}` => NaN
`${[][[]]}` => undefined

flat
constructor

nytr0gen

// 1. Go to your Following page. Mine would be https://twitter.com/nytr0gen_/following
// 2. Run this script in the Console. Change maxUnfollows to anything you want.
// 3. Check in from time to time and run it again if it fails.

sendUnfollow = () => document.querySelector('[data-testid=UserCell] [data-testid*=unfollow] span span').click();
confirmUnfollow = () => document.querySelector('[data-testid=confirmationSheetConfirm] span span').click();
sleep = ms => new Promise(r => setTimeout(r, ms));

i = 0;
maxUnfollows = 1000;

MindPatch

from startpage import StartPage
import sys

task = StartPage()
for numb,results in task.search(sys.argv[1],page=10).items():
    for res in results:
        print(res['link'])