├── .gitignore
├── 2015-09-05-XSS_encodeURI.html
├── 2015-09-12-XSS_Reflected.md
├── 2015-09-16-XSS.md
├── 2015-11-07-SQLMap.md
├── 2015-11-08-MyWay.md
├── 2015-11-18-WeiboCSRF.md
├── 2016-03-16-XSS.md
├── 2016-05-16-Bypass-URL-Check.md
├── 2016-05-17-Bypass-Chrome-XSS-Auditor.md
├── 2016-06-07-document.domain的妙用.md
├── 2016-06-27-location.hash绕过长度限制.md
├── 2016-07-18-JS语法错误vs语义错误.md
├── 2016-08-05-利用XSSAuditor阻止网站加载指定的JS文件.md
├── 2016-08-13-HPP-and-URL-Bypass.md
├── 2016-09-07-Weird-Behavior-of-IE.md
├── 2016-09-15-外部服务被劫持导致信息泄露.md
├── 2016-10-13-Flask-MongoEngine连接问题的思考.md
├── 2016-11-05-RedisSentinel配置失误.md
├── 2016-11-05-软链接引起的事故.md
├── 2016-11-10-配置Mongodb集群的问题.md
├── 2016-11-15-iptables相关配置.md
├── 2016-11-18-supervisor常用操作.md
├── 2017-03-22.md
├── 2017-03-23.md
├── 2017-03-24.md
├── 2017-03-30.md
├── 2017-04-01.md
├── 2017-04-16.md
├── 2017-08-27-找出是谁登录了你的Gitlab服务器.md
├── README.md
├── addthis_poc
│   └── poc.html
├── images
│   └── 20150916232022.png
└── tools
    ├── crxmake.py
    ├── generate_csrf_form.py
    ├── hunt.py
    ├── requirements.txt
    ├── top_100_pass.txt
    ├── xss_via_redirect.py
    └── zf.py
/.gitignore:
--------------------------------------------------------------------------------
*.pyc
--------------------------------------------------------------------------------
/2015-09-05-XSS_encodeURI.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2015-09-05-XSS_encodeURI.html
--------------------------------------------------------------------------------
/2015-09-12-XSS_Reflected.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2015-09-12-XSS_Reflected.md
--------------------------------------------------------------------------------
/2015-09-16-XSS.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2015-09-16-XSS.md
--------------------------------------------------------------------------------
/2015-11-07-SQLMap.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2015-11-07-SQLMap.md
--------------------------------------------------------------------------------
/2015-11-08-MyWay.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2015-11-08-MyWay.md
--------------------------------------------------------------------------------
/2015-11-18-WeiboCSRF.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2015-11-18-WeiboCSRF.md
--------------------------------------------------------------------------------
/2016-03-16-XSS.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-03-16-XSS.md
--------------------------------------------------------------------------------
/2016-05-16-Bypass-URL-Check.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-05-16-Bypass-URL-Check.md
--------------------------------------------------------------------------------
/2016-05-17-Bypass-Chrome-XSS-Auditor.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-05-17-Bypass-Chrome-XSS-Auditor.md
--------------------------------------------------------------------------------
/2016-06-07-document.domain的妙用.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-06-07-document.domain的妙用.md
--------------------------------------------------------------------------------
/2016-06-27-location.hash绕过长度限制.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-06-27-location.hash绕过长度限制.md
--------------------------------------------------------------------------------
/2016-07-18-JS语法错误vs语义错误.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-07-18-JS语法错误vs语义错误.md
--------------------------------------------------------------------------------
/2016-08-05-利用XSSAuditor阻止网站加载指定的JS文件.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-08-05-利用XSSAuditor阻止网站加载指定的JS文件.md
--------------------------------------------------------------------------------
/2016-08-13-HPP-and-URL-Bypass.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-08-13-HPP-and-URL-Bypass.md
--------------------------------------------------------------------------------
/2016-09-07-Weird-Behavior-of-IE.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-09-07-Weird-Behavior-of-IE.md
--------------------------------------------------------------------------------
/2016-09-15-外部服务被劫持导致信息泄露.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-09-15-外部服务被劫持导致信息泄露.md
--------------------------------------------------------------------------------
/2016-10-13-Flask-MongoEngine连接问题的思考.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-10-13-Flask-MongoEngine连接问题的思考.md
--------------------------------------------------------------------------------
/2016-11-05-RedisSentinel配置失误.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-11-05-RedisSentinel配置失误.md
--------------------------------------------------------------------------------
/2016-11-05-软链接引起的事故.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-11-05-软链接引起的事故.md
--------------------------------------------------------------------------------
/2016-11-10-配置Mongodb集群的问题.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-11-10-配置Mongodb集群的问题.md
--------------------------------------------------------------------------------
/2016-11-15-iptables相关配置.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-11-15-iptables相关配置.md
--------------------------------------------------------------------------------
/2016-11-18-supervisor常用操作.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2016-11-18-supervisor常用操作.md
--------------------------------------------------------------------------------
/2017-03-22.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2017-03-22.md
--------------------------------------------------------------------------------
/2017-03-23.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2017-03-23.md
--------------------------------------------------------------------------------
/2017-03-24.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2017-03-24.md
--------------------------------------------------------------------------------
/2017-03-30.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2017-03-30.md
--------------------------------------------------------------------------------
/2017-04-01.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2017-04-01.md
--------------------------------------------------------------------------------
/2017-04-16.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2017-04-16.md
--------------------------------------------------------------------------------
/2017-08-27-找出是谁登录了你的Gitlab服务器.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/2017-08-27-找出是谁登录了你的Gitlab服务器.md
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/README.md
--------------------------------------------------------------------------------
/addthis_poc/poc.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/addthis_poc/poc.html
--------------------------------------------------------------------------------
/images/20150916232022.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/images/20150916232022.png
--------------------------------------------------------------------------------
/tools/crxmake.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/tools/crxmake.py
--------------------------------------------------------------------------------
/tools/generate_csrf_form.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/tools/generate_csrf_form.py
--------------------------------------------------------------------------------
/tools/hunt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/tools/hunt.py
--------------------------------------------------------------------------------
/tools/requirements.txt:
--------------------------------------------------------------------------------
futures
multicpu
--------------------------------------------------------------------------------
/tools/top_100_pass.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/tools/top_100_pass.txt
--------------------------------------------------------------------------------
/tools/xss_via_redirect.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/tools/xss_via_redirect.py
--------------------------------------------------------------------------------
/tools/zf.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhchbin/xxxx/HEAD/tools/zf.py
--------------------------------------------------------------------------------