Bernard Ngandu bernard-ng

## medium-csrf-symfony.php
<?php
// ...
use App\Entity\Task;
use Symfony\Component\OptionsResolver\OptionsResolver;
class TaskType extends AbstractType
{
    // ...
    public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults([

## medium-csrf-check-referer.php
<?php

function validRequest(): bool {
    $myDomain = $_SERVER['SCRIPT_URI'];
    $requestsSource = $_SERVER['HTTP_REFERER'];

    return parse_url($myDomain, PHP_URL_HOST) === parse_url($requestsSource, PHP_URL_HOST);
}

## medium-csrf-psr-15-with-token.html
<!-- mon site -->
<form action="https://devs-cast.com/blog/1/delete" method="POST">
	<input type="hidden" name="_csrf_blog_1" value="afji9fj3dkdki3niadqer9>"/>
	<button>Supprimer</button>
</form>

## medium-csrf-psr-15.html
<!-- site de l'attaquant -->
<form action="https://devs-cast.com/blog/1/delete" method="POST">
        <button>Vous avez gagné un voyage à paris</button>
</form>

## medium-csrf-psr-15.php
<?php

$middleware = new CsrfMiddleware($_SESSION, 200);
$app->pipe($middleware);

// Generate input
$input = "<input type='hidden' name='{$middleware->getFormKey()}' value='{$middleware->generateToken()}'/>

## user.sh
cut -d: -f1 /etc/passwd # list users on the server
sudo useradd --create-home username # create user and home directory
sudo passwd username # set password for user
usermod -aG sudo username # add user to sudo group

echo "username  ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username # create a sudoer file

userdel -f username # delete user

## disabled_functions.php
<?php
error_reporting(E_ALL);
$disabled_functions = ini_get('disable_functions');
if ($disabled_functions!='')
{
    $arr = explode(',', $disabled_functions);
    sort($arr);

    echo 'Disabled Functions: ';
    for ($i=0; $i < count($arr); $i++)

## .htaccess
<IfModule mod_rewrite.c >
  RewriteEngine on
  RewriteOptions inherit

  # let's encrypt ssl
  RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
  RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
  RewriteRule ^.well-known/acme-challenge - [L]

  # redirect to no-www

## deploy-ionic-angular.sh
BUILD_DEPLOY_DIRECTORY="$HOME/dev/projects/app-build"
BUILD_DEPLOY_REMOTE=$(git config --get remote.origin.url)
BUILD_DIRECTORY="$HOME/dev/projects/app/www" # www or build
BUILD_COMMIT_MESSAGE=$(date +'%c')

R=$(tput setaf 1)
G=$(tput setaf 2)
Y=$(tput setaf 3)
NC=$(tput sgr0)

## tmux.conf
set -g status-justify left               # Aligne les titres de fenetres a gauche
set -g status-bg colour1                 # Status bar noir sur rouge
set -g status-fg colour0                 #
set -g status-interval 2                 # Evite des bug de refraichissement

setw -g window-status-current-fg colour1 # Inversion des couleur pour l'onglet selectione
setw -g window-status-current-bg colour0 #
set-option -g history-limit 10000        # Permet de scroller 10k lignes
set -g history-limit 10000               #
	<?php
	// ...
	use App\Entity\Task;
	use Symfony\Component\OptionsResolver\OptionsResolver;
	class TaskType extends AbstractType
	{
	// ...
	public function configureOptions(OptionsResolver $resolver)
	{
	$resolver->setDefaults([
	<?php

	function validRequest(): bool {
	$myDomain = $_SERVER['SCRIPT_URI'];
	$requestsSource = $_SERVER['HTTP_REFERER'];

	return parse_url($myDomain, PHP_URL_HOST) === parse_url($requestsSource, PHP_URL_HOST);
	}
	<!-- mon site -->
	<form action="https://devs-cast.com/blog/1/delete" method="POST">
	<input type="hidden" name="_csrf_blog_1" value="afji9fj3dkdki3niadqer9>"/>
	<button>Supprimer</button>
	</form>
	<!-- site de l'attaquant -->
	<form action="https://devs-cast.com/blog/1/delete" method="POST">
	<button>Vous avez gagné un voyage à paris</button>
	</form>
	<?php

	$middleware = new CsrfMiddleware($_SESSION, 200);
	$app->pipe($middleware);

	// Generate input
	$input = "<input type='hidden' name='{$middleware->getFormKey()}' value='{$middleware->generateToken()}'/>
	cut -d: -f1 /etc/passwd # list users on the server
	sudo useradd --create-home username # create user and home directory
	sudo passwd username # set password for user
	usermod -aG sudo username # add user to sudo group

	echo "username ALL=(ALL) NOPASSWD:ALL" \| sudo tee /etc/sudoers.d/username # create a sudoer file

	userdel -f username # delete user
	<?php
	error_reporting(E_ALL);
	$disabled_functions = ini_get('disable_functions');
	if ($disabled_functions!='')
	{
	$arr = explode(',', $disabled_functions);
	sort($arr);

	echo 'Disabled Functions: ';
	for ($i=0; $i < count($arr); $i++)
	<IfModule mod_rewrite.c >
	RewriteEngine on
	RewriteOptions inherit

	# let's encrypt ssl
	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
	RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
	RewriteRule ^.well-known/acme-challenge - [L]

	# redirect to no-www
	BUILD_DEPLOY_DIRECTORY="$HOME/dev/projects/app-build"
	BUILD_DEPLOY_REMOTE=$(git config --get remote.origin.url)
	BUILD_DIRECTORY="$HOME/dev/projects/app/www" # www or build
	BUILD_COMMIT_MESSAGE=$(date +'%c')

	R=$(tput setaf 1)
	G=$(tput setaf 2)
	Y=$(tput setaf 3)
	NC=$(tput sgr0)
	set -g status-justify left # Aligne les titres de fenetres a gauche
	set -g status-bg colour1 # Status bar noir sur rouge
	set -g status-fg colour0 #
	set -g status-interval 2 # Evite des bug de refraichissement

	setw -g window-status-current-fg colour1 # Inversion des couleur pour l'onglet selectione
	setw -g window-status-current-bg colour0 #
	set-option -g history-limit 10000 # Permet de scroller 10k lignes
	set -g history-limit 10000 #