evandrix

<!DOCTYPE HTML>
<html lang = "en">
  <head>
		<title>HackThis!! - Capture the Flag</title>
		<meta charset = "UTF-8" />

		<link href='https://fonts.googleapis.com/css?family=Ubuntu|Orbitron' rel='stylesheet' type='text/css'>
		<link rel="stylesheet" href="/ctf/css/main.css">

		<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>

evandrix

<?php
    // ...

    if ($page == "admin" && !$user->isAdmin()) {
        include("admin.php");
    } else {
        include("/pages/{$page}.html");
    }
?>

evandrix

<?php
    $user = $_POST['user'];
    $pass = $_POST['pass'];

    if ($user == "admin" && $pass == "pass") {
            //valid login
    } else {
            //invalid login
    }
?>

evandrix

#pragma once


//by dain bray 12/25/2012
//use however you want.


#include <type_traits>
#include <boost/preprocessor/seq/size.hpp>
#include <boost/preprocessor/seq/enum.hpp>

evandrix

[core]
        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
[remote "heroku"]
        url = git@heroku.com:maxburstein.git
        fetch = +refs/heads/*:refs/remotes/heroku/*
[remote "github"]
        url = git@github.com:mburst/burstolio.git

evandrix

@font-face {
  font-family: 'PermanentMarkerRegular';
  src: url('PermanentMarker-webfont.eot');
  src: url('PermanentMarker-webfont.eot?#iefix') format('embedded-opentype'),
       url('PermanentMarker-webfont.woff') format('woff'),
       url('PermanentMarker-webfont.ttf') format('truetype'),
       url('PermanentMarker-webfont.svg#PermanentMarkerRegular') format('svg');
  font-weight: normal;
  font-style: normal;
}

evandrix

var console = unsafeWindow.console;

// a function that loads jQuery and calls a callback function when jQuery has finished loading
function addJQuery(callback) {
  var script = document.createElement("script");
  script.setAttribute("src", "http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js");
  script.addEventListener('load', function() {
    var script = document.createElement("script");
    script.textContent = "(" + callback.toString() + ")();";
    document.body.appendChild(script);

evandrix

/*
 * Linux scanlogd v1.0 by Solar Designer.  You're allowed to do whatever you
 * like with this software (including re-distribution in any form, with or
 * without modification), provided that credit is given where it is due, and
 * any modified versions are marked as such.  There's absolutely no warranty.
 */

#include <stdio.h>
#include <unistd.h>
#include <signal.h>

evandrix

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8" />
  <title>Exploit Demo</title>
  <script type="text/javascript">
    window.attachEvent("onload", function() {
      var detector = document.getElementById("detector");
      detector.attachEvent("onmousemove", function (e) {
        detector.innerHTML = e.screenX + ", " + e.screenY;

evandrix

5.5.19-log on SuSE Linux

DoS exploit:
--------------------------------------------------------------------------------------------------------
use Net::MySQL;
use Unicode::UTF8 qw[decode_utf8 encode_utf8];

$|=1;
	    	  
  my $mysql = Net::MySQL->new(