Skip to content

Instantly share code, notes, and snippets.

@cianmce
cianmce / designer.html
Last active September 11, 2015 15:06
designer
<link rel="import" href="../core-scaffold/core-scaffold.html">
<link rel="import" href="../core-header-panel/core-header-panel.html">
<link rel="import" href="../core-menu/core-menu.html">
<link rel="import" href="../core-item/core-item.html">
<link rel="import" href="../core-icon-button/core-icon-button.html">
<link rel="import" href="../core-toolbar/core-toolbar.html">
<link rel="import" href="../core-field/core-field.html">
<link rel="import" href="../core-icon/core-icon.html">
<link rel="import" href="../core-input/core-input.html">
<link rel="import" href="../core-icons/core-icons.html">
@cianmce
cianmce / designer.html
Created September 11, 2015 14:54
designer
<link rel="import" href="../topeka-elements/category-images.html">
<link rel="import" href="../core-icon/core-icon.html">
<link rel="import" href="../core-icons/core-icons.html">
<link rel="import" href="../core-icons/av-icons.html">
<link rel="import" href="../paper-fab/paper-fab.html">
<polymer-element name="my-element">
<template>
<style>

Keybase proof

I hereby claim:

  • I am cianmce on github.
  • I am cianmce (https://keybase.io/cianmce) on keybase.
  • I have a public key whose fingerprint is 95D8 378B 422A 8F0F 3585 749E 0CA9 E26E 2130 99FB

To claim this, I am signing this object:

#!/bin/bash
# install by adding:
# alias venv=". ~/location/venv.sh"
# to .bashrc
help_string="venv [option] [VENV_NAME]
VENV_NAME
activates VENV_NAME is it exists
<?php
/*
Run using:
SECRET="Some super secret text" php -S localhost:8000
Goal:
Find out what the SECRET env is
*/
if (empty($_POST['hmac']) || empty($_POST['host'])) {
alert(document.currentScript.getAttribute('msg') || document.currentScript.getAttribute('src').split('msg=')[1] || "XSS!");
@cianmce
cianmce / alert.html
Last active March 26, 2018 15:41
Click "Raw" and replace "gist.githubusercontent.com" with "rawgit.com" and add "?msg=Some message" to the end
<html>
<script>
/*
Add GET param "msg" e.g. "?msg=Some message"
*/
alert(decodeURI(location.href.split('?msg=')[1]));
</script>
</html>
<html>
<script>
var xsss = [
'<script >alert("XSS - 1");</script >',
'<script type="application/javascript">alert("XSS - 2");</script >',
'<script src="https://rawgit.com/cianmce/bc4ede289eba9eb34c5ef499ac3298eb/raw/1d80cdd168bdc4389ed011d41ecca4242ca633e8/xss-alert.js?msg=XSS - 3"></script >',
'<meta http-equiv="refresh" content="0;URL=https://httpbin.org/get?xss=XSS - 4" />',
'<input type="image" src onerror="alert(\"XSS - 5\")">',
'<object data="a.a" onerror="alert(\"XSS - 6\")" />',
'<object data="a.a" onerror="alert(\"XSS - 7\")">',
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@cianmce
cianmce / benchmark_password_strength.rb
Last active May 27, 2018 20:23
DOS fnando/password_strength
require 'securerandom'
require 'password_strength'
require 'benchmark'
def random_string(len)
SecureRandom.base64(len)[0...len]
end
Benchmark.bm do |x|