Skip to content

Instantly share code, notes, and snippets.

View BKreisel's full-sized avatar
💯

Brandon Kreisel BKreisel

💯
18 followers · 12 following
  • Golden, Colorado
View GitHub Profile
@aaroneaton
aaroneaton / php.snippets
Created March 10, 2011 20:08
CodeIgniter PHP snippets for the VIM plugin SnipMate
# SnipMate is required to use snippets
# Download SnipMate: http://www.vim.org/scripts/script.php?script_id=2540
# Put this file in ~/.vim/snippets/ then restart vim
# This snippet file includes many useful snippets for CodeIgniter. Please feel free to fork and contribute!
snippet php
<?php
${1}
?>
snippet ec
echo "${1:string}"${2};
@mattifestation
mattifestation / PowerShellDSCLateralMovement.ps1
Created March 4, 2018 23:24
# This idea originated from this blog post on Invoke DSC Resources directly:
# https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/
<#
$MOFContents = @'
instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref
{
ResourceID = "[Script]ScriptExample";
GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
@lothan
lothan / CVE-2022-23935.md
Created March 18, 2022 18:17
Command Injection in Exiftool before 12.38

Overview

Exiftool versions < 12.38 are vulnerable to Command Injection through a crafted filename. If the filename passed to exiftool ends with a pipe character | and exists on the filesystem, then the file will be treated as a pipe and executed as an OS command.

Description

Exiftool is a "a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files." One of its features is being able to read metadata of compressed images. The code for this is GetImageInfo in exiftool:

sub GetImageInfo($$)