Barath Subramaniam baraths84
@baraths84
baraths84 / gist:915e750b3029c09971b002031301161f
Created February 18, 2019 21:42
dependencytrackUIupload
dtrack_1 | 21:28:07.867 INFO [NvdParser] Parsing nvdcve-1.0-2016.json
dtrack_1 | 21:37:23.893 WARN [ModelConverter] Unable to parse PackageURL: pkg:npm/@
dtrack_1 | 21:37:26.075 WARN [Persist] Insert of object "org.dependencytrack.model.Component@488cc81" using statement "INSERT INTO "COMPONENT" ("CLASSIFIER","COPYRIGHT","CPE","DESCRIPTION","EXTENSION","FILENAME","GROUP","LICENSE","MD5","NAME","PARENT_COMPONENT_ID","PURL","LICENSE_ID","SHA1","SHA_256","SHA3_256","SHA3_512","SHA_512","UUID","VERSION") VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)" failed : ERROR: null value in column "NAME" violates not-null constraint
dtrack_1 | Detail: Failing row contains (1668, LIBRARY, null, null, undefined, null, null, null, null, null, null, null, null, null, null, null, null, null, null, b0171ac3-b463-48ed-8cd8-6c119851a53c, null).
dtrack_1 | 21:37:26.121 ERROR [BomUploadProcessingTask] Error while processing bom
dtrack_1 | javax.jdo.JDODataStoreException: Insert of object "org.dependencytrack.model.Componen
@baraths84
baraths84 / track.log
Created December 28, 2018 04:40
dependency-track
AdvisoryMirrorTask] Updating datasource with NPM advisories
dtrack_1 | 02:04:19.734 INFO [NistMirrorTask] Using cached version of nvdcve-2018.xml.gz
dtrack_1 | 02:04:20.225 INFO [NistMirrorTask] Using cached version of nvdcve-2.0-2018.xml.gz
dtrack_1 | 02:04:20.668 INFO [NistMirrorTask] Using cached version of nvdcve-1.0-2018.json.gz
dtrack_1 | 02:04:21.151 INFO [NistMirrorTask] Using cached version of nvdcve-modified.xml.gz
dtrack_1 | 02:04:21.651 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz
dtrack_1 | 02:04:21.687 INFO [NpmAdvisoryMirrorTask] Retrieving NPM advisories from https://registry.npmjs.org/-/npm/v1/security/advisories?page=23
dtrack_1 | 02:04:21.745 INFO [NpmAdvisoryMirrorTask] Updating datasource with NPM advisories
dtrack_1 | 02:04:23.527 INFO [NistMirrorTask] Downloading...
dtrack_1 | 02:04:23.758 INFO [NpmAdvisoryMirrorTask] Retrieving NPM advisories from https://registry.npmjs.org/-/npm/v1/security/advisories?page=24
@baraths84
baraths84 / testx.js
Created October 2, 2018 17:42
testx
function myFunction() {
alert("Hello! I am an alert box!");
}
@baraths84
baraths84 / PwnedPaswordsMongoDB.md
Created September 11, 2018 07:14 — forked from simbo1905/PwnedPaswordsMongoDB.md
How To Load The HIBP Pwned Passwords Database Into MongoDB

NIST recommends that when users are trying to set a password you should reject those that are commonly used or compromised:

> When processing requests to establish and change memorized secrets,
> verifiers SHALL compare the prospective secrets against a list that
> contains values known to be commonly-used, expected, or compromised.

But how do you know which passwords are compromised? Luckily, Troy Hunter put a lot of effort into building the "Have I Been Pwned (HIBP)" database, which contains the SHA1 hashes of 501,636,842 passwords that have been compromised on the internet. Sweet.

@baraths84
baraths84 / json
Created April 3, 2018 21:59
test
{"csp-report":{"document-uri":"https://www.ssdsdsd.com/shop/product/paule-ka-floral-jacquard-sheath-dress?ID=2815213&CategoryID=2910","referrer":"","violated-directive":"style-src","effective-directive":"style-src","original-policy":"media-src blob: 'self' *.fds.com *.ssdsdsd.com m.ssdsdsd.com *.brightcove.com *.webcollage.net ssl.gstatic.com vjs.zencdn.net *.cloudfront.net brightcove.hs.llnwd.net;object-src 'self' *.brightcove.com players.brightcove.net vjs.zencdn.net brightcove.hs.llnwd.net ci-mpsnare.iovation.com metrics.brightcove.com secure.brightcove.com *.ssdsdsd.com m.ssdsdsd.com h.online-metrix.net *.fds.com mpsnare.iesnare.com *.cloudfront.net *.webcollage.net;font-src 'self' data: *.fds.com origin.extole.io fonts.gstatic.com api.cloudsponge.com *.ssdsdsd.com m.ssdsdsd.com gateway.answerscloud.com sxt.cdn.skype.com *.webcollage.net cdn.joinhoney.com storage.googleapis.com maxcdn.bootstrapcdn.com assets.ssdsdsd.com themes.googleusercontent.com cdnjs.cloudflare.com *.cloudfront.net netdna.bootstrap
//Setting IpAddress To Log and taking header for original IP if forwarded from proxy
ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
HttpSession ses = request.getSession(true);
//Translation Stuff
Locale locale = new Locale(Validate.validateLanguage(request.getSession()));
ResourceBundle errors = ResourceBundle.getBundle("i18n.servlets.errors", locale);
ResourceBundle bundle = ResourceBundle.getBundle("i18n.servlets.challenges.sqli.sqli1", locale);
ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
PrintWriter out = response.getWriter();
out.print(getServletInfo());
//Translation Stuff
Locale locale = new Locale(Validate.validateLanguage(request.getSession()));
ResourceBundle errors = ResourceBundle.getBundle("i18n.servlets.errors", locale);
ResourceBundle bundle = ResourceBundle.getBundle("i18n.servlets.lessons.sqlInjection", locale);
public void doPost (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
//Setting IpAddress To Log and taking header for original IP if forwarded from proxy
ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
//Translation Stuff
Locale locale = new Locale(Validate.validateLanguage(request.getSession()));
ResourceBundle errors = ResourceBundle.getBundle("i18n.servlets.errors", locale);
ResourceBundle bundle = ResourceBundle.getBundle("i18n.servlets.lessons.poorValidation", locale);
public void doPost (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
//Setting IpAddress To Log and taking header for original IP if forwarded from proxy
ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
//Translation Stuff
Locale locale = new Locale(Validate.validateLanguage(request.getSession()));
ResourceBundle errors = ResourceBundle.getBundle("i18n.servlets.errors", locale);
ResourceBundle bundle = ResourceBundle.getBundle("i18n.servlets.lessons.directObject", locale);
try
{
HttpSession ses = request.getSession(true);
if(Validate.validateSession(ses))
{
ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"), ses.getAttribute("userName").toString());
log.debug(levelName + " accessed by: " + ses.getAttribute("userName").toString());
Cookie tokenCookie = Validate.getToken(request.getCookies());
Object tokenParmeter = request.getParameter("csrfToken");
if(Validate.validateTokens(tokenCookie, tokenParmeter))