Skip to content

Instantly share code, notes, and snippets.

View SrdjanCoric's full-sized avatar

Srdjan Coric SrdjanCoric

41 followers · 0 following
View GitHub Profile
@SrdjanCoric
SrdjanCoric / XSS.md
Last active May 1, 2020 13:42

Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. When a user visit the infected or a specially-crafted link , it will execute the malicious javascript.

Famous attacks:

  • Samy worm (2005)
  • Yahoo attack (2013)
  • TwitterDeck attack (2014)

What can we do with XSS:

  • Hijack the user’s session
  • Perform unauthorized activities
@SrdjanCoric
SrdjanCoric / spin_me_arr.rb
Created October 20, 2018 15:02
def spin_me(arr)
arr.each do |word|
word.reverse!
end
end
arr = ['hello', 'world']
puts arr.object_id # 47264354160220
puts spin_me(arr).object_id # 47264354160220
@SrdjanCoric
SrdjanCoric / spin_me_object_id.rb
Created October 20, 2018 15:01
def spin_me(str)
str.split.each do |word|
word.reverse!
end.join(" ")
end
str = 'hello world'
puts str.object_id # 47435609148580
puts spin_me(str).object_id # 47435609148360
@SrdjanCoric
SrdjanCoric / spin_me.rb
Created October 20, 2018 14:59
def spin_me(str)
str.split.each do |word|
word.reverse!
end.join(" ")
end
spin_me("hello world")
@SrdjanCoric
SrdjanCoric / statusController.java
Created June 10, 2018 12:18
package controllers;
import beans.Status;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
@SrdjanCoric
SrdjanCoric / groupcontroller.java
Last active June 5, 2018 08:49
package controllers;
import beans.Group;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
@SrdjanCoric
SrdjanCoric / usercon.java
Last active May 22, 2018 18:25
package controllers;
import beans.User;
import beans.City;
import controllers.CityController;
import static db.DB.user;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
@SrdjanCoric
SrdjanCoric / operator.xhtml
Last active May 22, 2018 18:24
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:b="http://bootsfaces.net/ui"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<h:head>
<title>Ticket Service</title>
@SrdjanCoric
SrdjanCoric / operat.xhtml
Created May 18, 2018 09:48
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:b="http://bootsfaces.net/ui"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<h:head>
<title>Ticket Service</title>
@SrdjanCoric
SrdjanCoric / citycont.java
Created May 18, 2018 09:47
package controllers;
import beans.City;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;