irb(main):001:0> require 'cgi'
=> true
irb(main):002:0> require 'uri'
=> true
irb(main):003:0> RUBY_VERSION
=> "1.8.6"
irb(main):004:0> evil = "http://www.google.com%0A%60ls%0A%60"
=> "http://www.google.com%0A%60ls%0A%60"
irb(main):005:0> unescaped_evil = CGI::unescape(evil)
=> "http://www.google.com\n`ls\n`"

parse822 <- function(d) strptime(d, "%a %b %d %H:%M:%S %Y")

# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
# (All cipher modes except ECB require an IV.) There are two choices: we can either
# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
# the IV does not need to be hidden from adversaries, it is important that the
# adversary not be allowed to choose it. Also, random IVs are generally much more
# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
# such as CFB and OFB use a different IV for each encryption with a given key so
# in such cases, random IVs are much preferred.) By default, ESAPI 2.0 uses random
# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
# uncomment the Encryptor.fixedIV.

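<?php
// 4 hex characters (16 bits) of salt, derived from rand(), which is not a CSPRNG.
$salt = substr(md5(rand()), 0, 4);
// Single round of MD5 over password + salt.
$hashedpassword = md5($password.$salt);
// The query is built by string concatenation; addslashes() is the only escaping applied.
$sql = "INSERT INTO Users (Username, Password, Salt) " .
       "VALUES ('" . addslashes($username) . "', " .
       "'$hashedpassword', '$salt')";
$db->executeQuery($sql);
// ...
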
<?php
//...
// The query is built by string concatenation; addslashes() is the only escaping
// applied to $username and $token.
$sql = "SELECT * FROM Users WHERE " .
       "(Username = '" . addslashes($username) . "') " .
       "AND (Token = '" . addslashes($token) . "')";
$rs = $db->executeQuery($sql);
if ( $rs->next() ) {
    //...
?>

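require 'openssl'

def random_password(length=10)
  allowed_chars = (('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a)
  ret = ''
  # Each random byte (0..255) is reduced modulo 62. Because 256 is not a
  # multiple of 62, the first 8 characters ('a'..'h') are slightly more likely.
  OpenSSL::Random.random_bytes(length).each_byte do |b|
    ret << allowed_chars[b % allowed_chars.length]
  end
  return ret
end
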
Exception in thread "main" java.lang.NullPointerException
    at java.net.Parts.<init>(URL.java:1262)
    at java.net.URL.<init>(URL.java:380)
    at java.net.URL.<init>(URL.java:283)
    at com.netifera.poet.ui.view.PoetComponent.createFormOracle(PoetComponent.java:252)
    at com.netifera.poet.ui.view.PoetComponent.doOracleTestAction(PoetComponent.java:223)
    at com.netifera.poet.ui.view.PoetComponent.actionButtonClicked(PoetComponent.java:213)
    at com.netifera.poet.ui.view.PoetComponent.access$2(PoetComponent.java:194)
    at com.netifera.poet.ui.view.PoetComponent$3.widgetSelected(PoetComponent.java:164)
    at org.eclipse.swt.widgets.TypedListener.handleEvent(Unknown Source)

sqbook:local sq$ brew install openldap -vd
==> Build Environment
CC: /usr/bin/cc => /usr/bin/gcc-4.2
CXX: /usr/bin/c++ => /usr/bin/c++-4.2
LD: /usr/bin/cc => /usr/bin/gcc-4.2
CFLAGS: -O3 -march=core2 -msse4.1 -w -pipe
CXXFLAGS: -O3 -march=core2 -msse4.1 -w -pipe
MAKEFLAGS: -j2
==> Downloading ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.21.tgz
File already downloaded and cached to /Users/sq/Library/Caches/Homebrew