<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>@RenwaX23</title>
<style>
/* General Styles */
body {
font-family: 'Arial', sans-serif;
line-height: 1.6;
margin: 0;
padding: 20px;
background-color: #1e1e1e;
color: #e0e0e0;
}
h2 {
color: #ff6f61;
margin-bottom: 20px;
font-size: 2rem;
}
a {
color: #4dabf7;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
ul {
list-style-type: none;
padding: 0;
}
li {
margin-bottom: 10px;
}
b {
color: #ff6f61;
font-size: 1.2rem;
}
.container {
max-width: 800px;
margin: 0 auto;
padding: 20px;
background-color: #2a2a2a;
border-radius: 8px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
}
.section {
margin-bottom: 30px;
}
.section-title {
font-size: 1.5rem;
color: #ff6f61;
margin-bottom: 15px;
border-bottom: 2px solid #444;
padding-bottom: 5px;
}
.footer {
text-align: center;
margin-top: 40px;
font-size: 0.9rem;
color: #888;
}
</style>
</head>
<body>
<div class="container">
<h2>I am ᴿᴱᴺᵂᴬ, I like web</h2>
<div class="section">
<div class="section-title">GitHub</div>
<ul>
<li><a href="https://github.com/RenwaX23/XSSTRON">XSSTRON - Electron JS Browser To Find XSS Vulnerabilities</a></li>
<li><a href="https://github.com/RenwaX23/XSS-Payloads">XSS Payloads - List of XSS Payloads</a></li>
<li><a href="https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md">XSS Without parentheses () - List of XSS Payloads Without Parentheses</a></li>
<li><a href="https://github.com/RenwaX23/Dislike-Hacker">Dislike Hacker - Chrome Extension to Bring Back YT Dislike Counts</a></li>
<li><a href="https://github.com/RenwaX23/txtChat">txtChat - Group Chat Application That Works on File Read & Write in Java</a></li>
<li><a href="https://github.com/RenwaX23/JwanaGaChat">JwanaGaChat - Simple PHP/SQL/JS Group Chat Web Application</a></li>
</ul>
</div>
<div class="section">
<div class="section-title">Writings</div>
<ul>
<li><a href="https://medium.com/@renwa/reflected-xss-in-main-search-waf-sanitizer-bypass-using-2-reflections-c407c78bce03">Reflected XSS In Main Search, WAF+Sanitizer Bypass Using 2 Reflections</a></li>
<li><a href="https://medium.com/@renwa/client-side-path-traversal-cspt-bug-bounty-reports-and-techniques-8ee6cd2e7ca1">Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques</a></li>
<li><a href="https://medium.com/@renwa/arc-browser-uxss-local-file-read-arbitrary-file-creation-and-path-traversal-to-rce-b439f2a299d1">Arc Browser UXSS, Local File Read, Arbitrary File Creation and Path Traversal to RCE</a></li>
<li><a href="https://gist.github.com/RenwaX23/0311842bb790ce98fe0cd8f41141fdf0">XSS to OAuth access token leak in Office Online, which can be used for account takeover</a></li>
<li><a href="https://medium.com/@renwa/you-are-not-where-you-think-you-are-opera-browsers-address-bar-spoofing-vulnerabilities-aa36ad8321d8">You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities</a></li>
<li><a href="https://huntr.dev/bounties/fd5999fd-b1fd-44b4-ae2e-8f95b5c3d1b6/">Chatwoot postMessage XSS</a></li>
<li><a href="https://medium.com/@renwa/opera-browser-vpn-bypass-20877aaf08c0">Opera Browser VPN Bypass</a></li>
<li><a href="https://bugcrowd.com/disclosures/f7ce8504-0152-483b-bbf3-fb9b759f9f89/critical-local-file-read-in-electron-desktop-app">Asana Electron desktop app open redirect to local file read</a></li>
<li><a href="https://medium.com/@renwa/the-underrated-bugs-clickjacking-css-injection-drag-drop-xss-cookie-bomb-login-logout-csrf-84307a98fffa">The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…</a></li>
<li><a href="https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/">XSS to RCE in Opera Browser</a></li>
<li><a href="https://blogs.opera.com/security/2021/09/bug-bounty-guest-post-local-file-read-via-stored-xss-in-the-opera-browser/">Opera Browser Local File Read and UXSS via Stored-XSS</a></li>
<li><a href="https://medium.com/@renwa/facebook-messenger-desktop-app-arbitrary-file-read-db2374550f6d">Facebook Messenger Desktop App Arbitrary File Read</a></li>
<li><a href="https://medium.com/@renwa/copy-drag-paste-drop-2fd4613ad1d1">Copy Drag — Paste Drop</a></li>
<li><a href="https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b">Bypass SameSite Cookies Default to Lax and get CSRF</a></li>
<li><a href="https://medium.com/@renwa/facebook-messenger-disclosing-deleted-messages-that-has-been-deleted-by-remove-for-everyone-1fb5a52cc7df">Facebook Messenger exposing deleted messages using [Remove for Everyone]</a></li>
<li><a href="https://medium.com/@renwa/security-fest-2019-ctf-entropian-web-write-up-f81fb11f675b">Security Fest 2019 CTF, entropian [web] write-up</a></li>
<li><a href="https://medium.com/@renwa/new-technique-to-find-blind-xss-c2efcd377cc2">New technique to find Blind-XSS</a></li>
<li><a href="https://medium.com/@renwa/self-xss-csrf-to-stored-xss-54f9f423a7f1">Self-XSS + CSRF to Stored XSS</a></li>
</ul>
</div>
<div class="section">
<div class="section-title">Stuff</div>
<ul>
<li><a href="https://renwax23.github.io/X/popunder.html">Chrome PopUnder POC</a></li>
<li><a href="https://x.com/RenwaX23/status/1803484432721928280">Edge Browser Mobile Address Bar + XSS</a></li>
<li><a href="https://x.com/RenwaX23/status/1683063527584432128">Web Cache Deception -> Steal CSRF Token -> Application Wide CSRF -> Account Takeover</a></li>
<li><a href="https://x.com/RenwaX23/status/1663624248924020736">XSS Challenge Using Reflect()</a></li>
<li><a href="https://x.com/RenwaX23/status/1541746363125403648">Hard XSS Challenge</a></li>
<li><a href="https://github.com/Super-Guesser/ctf/blob/master/2022/dicectf/shadow.md">DiceCTF 2022 - Shadow Challenge Writeup</a></li>
<li><a href="https://github.com/RenwaX23/X/blob/master/ctf/xsleaks_december.md">New XSLeaks Technique using @font-face</a></li>
<li><a href="https://gist.github.com/RenwaX23/d9147615e58afb50102a2fc7f76ebc2b">ASIS CTF 2021 - Number Manager Solution</a></li>
<li><a href="https://github.com/RenwaX23/X/blob/master/ctf/pwn2win_hackus.md">Pwn2Win 2021 Hackus Solution 0-day</a></li>
<li><a href="https://github.com/RenwaX23/X/blob/master/ctf/omh_polite_notepad.md">OMH 2021 Polite Notepad Solution</a></li>
<li><a href="https://gist.github.com/RenwaX23/196fac7f931fa5b63749b3f0fb4d2f7a">hxpCTF 2020 - Hackme Solution</a></li>
<li><a href="https://github.com/Super-Guesser/ctf/tree/master/2020/pbctf%202020/web/ikea-name-generator">pbCTF 2020 - IKEA Name Generator</a></li>
<li><a href="https://gist.github.com/RenwaX23/05b626efdf85455eab6f3ab7d8535916">KipodAfterFree CTF 2020 Web Challenges</a></li>
<li><a href="https://x.com/RenwaX23/status/1319332755923193859">Small XSS Challenge</a></li>
<li><a href="https://github.com/RenwaX23/X/blob/master/ctf/asis2020/maskstore.md">ASIS CTF Finals 2020 - Maskstore Writeup</a></li>
<li><a href="https://gist.github.com/RenwaX23/b366a98b0d89c8744afe8bbda0be9fec">CONFidence CTF 2020, yacc - yayacc</a></li>
<li><a href="https://x.com/RenwaX23/status/1260342626789863428">XSS in Rails apps that use jQuery-ujs</a></li>
<li><a href="https://x.com/RenwaX23/status/1141788184331935744">WhatsApp RPO to Open Redirect</a></li>
<li><a href="https://renwax23.github.io/X/xs.html">WAF XSS Challenge 2019</a></li>
<li><a href="https://renwax23.github.io/X/incognito.html">Detect Incognito mode in Chromium browsers using view-source://</a></li>
<li><a href="https://renwax23.github.io/X/jsES6_unicode.html">Convert JavaScript functions into ES6 Unicode</a></li>
<li><a href="https://renwax23.github.io/X/jsES6decode.html">Decode ES6 Unicode</a></li>
<li><a href="https://renwax23.github.io/X/xss_auditor">Detecting Chrome XSS Auditor Using &lt;portal&gt;</a></li>
<li><a href="https://renwax23.github.io/X/portal_port_scan">Browser-Based Port Scanning Using &lt;portal&gt; Chrome</a></li>
</ul>
</div>
<div class="section">
<div class="section-title">CTF</div>
<ul>
<li><a href="https://twitter.com/SuperGuesser">@SuperGuesser</a></li>
</ul>
</div>
<div class="section">
<div class="section-title">Contact</div>
<ul>
<li><a href="https://twitter.com/RenwaX23">@RenwaX23</a></li>
</ul>
</div>
</div>
</body>
</html>