fakhrizulkifli

#!/usr/bin/python

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.

import sys
import struct
import socket
import time
import select

fakhrizulkifli

/*
 * XSS filter 
 *
 * This was built from numerous sources
 * (thanks all, sorry I didn't track to credit you)
 * 
 * It was tested against *most* exploits here: http://ha.ckers.org/xss.html
 * WARNING: Some weren't tested!!!
 * Those include the Actionscript and SSI samples, or any newer than Jan 2011
 *

fakhrizulkifli

Mac web developer apps

This gist's comment stream is a collection of webdev apps for OS X. Feel free to add links to apps you like, just make sure you add some context to what it does — either from the creator's website or your own thoughts.

— Erik

fakhrizulkifli

#include <stdint.h>
#include <avr/interrupt.h>
#include <avr/wdt.h>

byte sample = 0;
boolean sample_waiting = false;
byte current_bit = 0;
byte result = 0;

void setup() {

fakhrizulkifli

#include <stdint.h>
#include <avr/interrupt.h>
#include <avr/wdt.h>

byte sample = 0;
boolean sample_waiting = false;
byte current_bit = 0;
byte result = 0;

void setup() {

fakhrizulkifli

// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console

fakhrizulkifli

##Google Interview Questions: Product Marketing Manager

• Why do you want to join Google? -- Because I want to create tools for others to learn, for free. I didn't have a lot of money when growing up so I didn't get access to the same books, computers and resources that others had which caused money, I want to help ensure that others can learn on the same playing field regardless of their families wealth status or location.
• What do you know about Google’s product and technology? -- A lot actually, I am a beta tester for numerous products, I use most of the Google tools such as: Search, Gmaill, Drive, Reader, Calendar, G+, YouTube, Web Master Tools, Keyword tools, Analytics etc.
• If you are Product Manager for Google’s Adwords, how do you plan to market this?
• What would you say during an AdWords or AdSense product seminar?
• Who are Google’s competitors, and how does Google compete with them? -- Google competes on numerous fields: --- Search: Baidu, Bing, Duck Duck Go

fakhrizulkifli

#!/usr/bin/python
# -*- coding: utf-8 -*-

import os
import sys
import errno
from datetime import datetime
from time import time

rootdir = os.getcwd()

fakhrizulkifli

# Exploit Title: Redis 5.0 Denial of Service
# Date: 2018-06-13
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://redis.io/
# Software Link: https://redis.io/download
# Version: 5.0
# Fixed on: 5.0
# CVE : CVE-2018-12453

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.

fakhrizulkifli

# Exploit Title: QEMU Guest Agent Denial of Service
# Date: 2018-06-07
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.qemu.org/
# Software Link: https://www.qemu.org/download/
# Version: 2.12.50 and earlier
# Tested on: 2.12.50
# CVE : CVE-2018-12617

QEMU Guest Agent 2.12.50 and earlier has an integer overflow causing a g_malloc0() call to trigger a segfault() call when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a specific QMP command to the agent via the listening socket.