Skip to content

Instantly share code, notes, and snippets.

View arash16's full-sized avatar
💭
Coding..

Arash Shakery arash16

💭
Coding..
96 followers · 8 following
View GitHub Profile
@arash16
arash16 / test
Last active December 23, 2023 16:22
{{1337*1337}}
{{7*7}}
${7*7}
<%= 7*7 %>
${{7*7}}
@arash16
arash16 / CVE-2023-41892-POC.md
Created December 13, 2023 18:39 — forked from to016/CVE-2023-41892-POC.md
CVE-2023-41892 (Craft CMS Remote Code Execution) - POC

This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).

Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.

POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

@arash16
arash16 / gist:6e76c9ed6f6622ea06e25d729224f4ff
Created September 20, 2023 17:13
lint
module.exports = {
settings: {
'react': { version: 'detect' },
'import/extensions': ['.ts', '.js', '.tsx'],
'import/resolver': {
typescript: {
// alwaysTryTypes: true,
project: __dirname,
},
},
@arash16
arash16 / open-api.json
Last active February 8, 2023 09:05
{
"$id": "https://spec.openapis.org/oas/3.1/schema/2022-10-07",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"description": "The description of OpenAPI v3.1.x documents without schema validation, as defined by https://spec.openapis.org/oas/v3.1.0",
"type": "object",
"properties": {
"openapi": {
"type": "string",
"pattern": "^3\\.1\\.\\d+(-.+)?$"
},
@arash16
arash16 / .dev.vars
Created January 18, 2023 10:52
SENDGRID_KEY=sendgrid-api-key
SECRET=secret-to-sign-subscription-links
@arash16
arash16 / data.json
Last active December 28, 2022 11:38
An updated gist description
{
"comments": [
{ "user": "arash16", "text": "hello world" },
{ "user": "arash16", "text": "hello 2" },
{ "user": "arash16", "text": "hello 2" },
{ "user": "arash16", "text": "hello 5" },
{ "user": "arash16", "text": "hello 7" }
]
}
@arash16
arash16 / create-upload-form.js
Last active March 25, 2020 07:04
/*
export AWS_ACCESS_KEY=key
export AWS_SECRET_ACCESS_KEY=secret
export AWS_BUCKET_NAME=bucket
yarn init
yarn add aws-sdk
node server.js
*/
@arash16
arash16 / rejection-reasons.json
Created January 20, 2020 09:41
[
{
"id": 1,
"name": "0 \u0631\u0633\u06cc\u062f\u06af\u06cc \u0628\u0647 \u062a\u062e\u0644\u0641",
"children": [
{
"id": 3,
"name": "\u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062a\u0648\u0636\u06cc\u062d\u06cc \u06af\u0645\u0631\u0627\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 ",
"description": "\ufeff\u0648\u062c\u0648\u062f \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u06af\u0645\u0631\u0627\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0648 \u063a\u06cc\u0631 \u0648\u0627\u0642\u0639\u06cc \u062f\u0631 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062a\u0648\u0636\u06cc\u062d\u06cc \u0628\u0631\u0646\u0627\u0645\u0647: \n\u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627 \u0646\u0628\u0627\u06cc\u062f \u062f\u0627\u0631\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a\u06cc \u063a\u0644\u0637 \u0648 \u06af\u0645\u0631\u0627\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u062f\u0631 \u0645\u062d\u062a\u0648\u0627\u
@arash16
arash16 / install-service-worker.js
Last active September 14, 2022 12:19
// this code is executed in the context of each tab
import {Workbox} from 'workbox-window';
if ('serviceWorker' in navigator) {
const wb = new Workbox('/sw.js');
wb.addEventListener('waiting', () => {
console.log('A new service worker has installed');
wb.addEventListener('controlling', () => {
@arash16
arash16 / 0-blue-green-deployment.sh
Last active February 25, 2023 17:46
Sample minimal blue/green deployment strategy codes used on cafebazaar.ir
# this is a minimal sample code used for ci pipelines to implement blue/green deployment