irb(main):001:0> require 'cgi'
=> true
irb(main):002:0> require 'uri'
=> true
irb(main):003:0> RUBY_VERSION
=> "1.8.6"
irb(main):004:0> evil = "http://www.google.com%0A%60ls%0A%60"
=> "http://www.google.com%0A%60ls%0A%60"
irb(main):005:0> unescaped_evil = CGI::unescape(evil)
=> "http://www.google.com\n`ls\n`"
parse822 <- function(d) strptime(d, "%a %b %d %H:%M:%S %Y")
# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
# (All cipher modes except ECB require an IV.) There are two choices: we can either
# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
# the IV does not need to be hidden from adversaries, it is important that the
# adversary not be allowed to choose it. Also, random IVs are generally much more
# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
# such as CFB and OFB use a different IV for each encryption with a given key, so
# in such cases, random IVs are much preferred.) By default, ESAPI 2.0 uses random
# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
# uncomment the Encryptor.fixedIV.
<?php
$salt = substr(md5(rand()), 0, 4);
$hashedpassword = md5($password.$salt);
$sql = "INSERT INTO Users (Username, Password, Salt) " .
"VALUES ('" . addslashes($username) . "', " .
"'$hashedpassword', '$salt')";
$db->executeQuery($sql);
// ...
<?php
//...
$sql = "SELECT * FROM Users WHERE " .
"(Username = '" . addslashes($username) . "') " .
"AND (Token = '" . addslashes($token) . "')";
$rs = $db->executeQuery($sql);
if ( $rs->next() ) {
//...
?>
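require 'openssl'

# Build a random alphanumeric password from OpenSSL's CSPRNG.
def random_password(length=10)
  allowed_chars = (('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a)
  ret = ''
  OpenSSL::Random.random_bytes(length).each_byte do |b|
    # Note: 256 is not a multiple of 62, so b % 62 slightly favours the first 8 characters.
    ret << allowed_chars[b % allowed_chars.length]
  end
  return ret
end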
Exception in thread "main" java.lang.NullPointerException
at java.net.Parts.<init>(URL.java:1262)
at java.net.URL.<init>(URL.java:380)
at java.net.URL.<init>(URL.java:283)
at com.netifera.poet.ui.view.PoetComponent.createFormOracle(PoetComponent.java:252)
at com.netifera.poet.ui.view.PoetComponent.doOracleTestAction(PoetComponent.java:223)
at com.netifera.poet.ui.view.PoetComponent.actionButtonClicked(PoetComponent.java:213)
at com.netifera.poet.ui.view.PoetComponent.access$2(PoetComponent.java:194)
at com.netifera.poet.ui.view.PoetComponent$3.widgetSelected(PoetComponent.java:164)
at org.eclipse.swt.widgets.TypedListener.handleEvent(Unknown Source)
sqbook:local sq$ brew install openldap -vd
==> Build Environment
CC: /usr/bin/cc => /usr/bin/gcc-4.2
CXX: /usr/bin/c++ => /usr/bin/c++-4.2
LD: /usr/bin/cc => /usr/bin/gcc-4.2
CFLAGS: -O3 -march=core2 -msse4.1 -w -pipe
CXXFLAGS: -O3 -march=core2 -msse4.1 -w -pipe
MAKEFLAGS: -j2
==> Downloading ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.21.tgz
File already downloaded and cached to /Users/sq/Library/Caches/Homebrew