🔐
I'm in your code, making things secure!

John Poulin forced-request

@forced-request
forced-request / server.js
Created Feb 22, 2019
Handle all uncaught exceptions to prevent the Node service from crashing. This is useful for preventing denial-of-service attacks in Node.js
View server.js
/* Tell Node not to crash */
// Caveat: the Node.js docs treat 'uncaughtException' as a last-resort hook for
// logging and synchronous cleanup, not as a way to keep serving; after an
// unknown exception the process state is undefined. Pair this with a supervisor
// that restarts the process (pm2, systemd) and with error handling on the
// request path, rather than relying on the handler alone.
process.on('uncaughtException', function (err) {
  console.log('Caught exception: ', err);
});
View rails_dynamic_render_code_exec.rb
require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  # URL-encoded "\../": the traversal sequence sent in the template name
  @@trav_string = '%5c%2e%2e%2f'

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
@forced-request
forced-request / json_encode-xss-prevention.php
Created Jul 27, 2015
Using json_encode to prevent JS context XSS
View json_encode-xss-prevention.php
<html>
<body>
<script>
// Emit the value as a JSON literal: the encoder escapes quotes, backslashes
// and control characters for the JS string context. The JSON_HEX_* flags
// additionally encode < > & ' " as \uXXXX, so a value such as </script>
// cannot close the script block. json_encode() returns false on invalid
// UTF-8, which would leave a syntax error here rather than a script injection.
var a = "prefix" + <?= json_encode($_GET['p'] ?? '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?> + "suffix";
</script>
</body>
</html>
@forced-request
forced-request / htmlentities_javascript.php
Last active Aug 29, 2015
htmlentities in JavaScript context
View htmlentities_javascript.php
<html>
<body>
<script>
// Wrong encoder for this context, kept as the counter-example: htmlentities()
// targets HTML, and with its default flags (ENT_COMPAT before PHP 8.1) it
// leaves the single quote untouched, so p=';alert(1);// closes the string
// literal and runs. Use json_encode() with the JSON_HEX_* flags instead.
var a = '<?= htmlentities($_GET['p']); ?>';
</script>
</body>
</html>
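The two PHP gists above make one point between them: an HTML encoder does not protect a JavaScript string context, a JSON encoder does, and only if the characters that matter inside a `<script>` block are hex-escaped as well. The following is an added example (mine, not the gist author's code), written in Ruby to match the rest of this page's server-side snippets. `html_entities_compat` is a constructed model of PHP's `htmlentities()` under its pre-8.1 default flags, `JS_HEX` mirrors the `JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS` escapes, and the function and payload names are my own.

```ruby
require 'json'

# Constructed model of PHP htmlentities() under its pre-8.1 default flags
# (ENT_COMPAT): & < > and the double quote become entities, the single quote
# does not. It exists only to show the failure mode; it is not PHP's code.
def html_entities_compat(value)
  value.gsub('&', '&amp;').gsub('<', '&lt;').gsub('>', '&gt;').gsub('"', '&quot;')
end

# The htmlentities_javascript.php pattern: an HTML-encoded value dropped into
# a single-quoted JS string literal.
def js_single_quoted(value)
  "var a = '#{html_entities_compat(value)}';"
end

# Characters that must not appear raw inside a <script> block even when they
# sit inside a JSON string: < > & (close the script or start an entity) and
# the apostrophe (mirrors JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS). U+2028 and
# U+2029 are legal in JSON strings but terminate a line in pre-ES2019 JS.
JS_HEX = {
  '<' => '\u003C', '>' => '\u003E', '&' => '\u0026', "'" => '\u0027',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze

# The json_encode-xss-prevention.php pattern with the hex escaping applied:
# quotes, backslashes and control characters are handled by the JSON encoder,
# the remaining script-context characters by JS_HEX. Returns a complete JS
# string literal, delimiters included.
def js_json_literal(value)
  value.to_json.gsub(/[<>&'\u2028\u2029]/) { |c| JS_HEX[c] }
end

# Runs both encoders on a string-breakout payload and the JSON encoder on a
# script-tag breakout payload (both payloads constructed here).
def compare_encoders
  breakout  = "';alert(1);//"
  close_tag = "</script><script>alert(1)</script>"
  {
    entities_breakout: js_single_quoted(breakout),
    json_breakout:     "var a = #{js_json_literal(breakout)};",
    json_close_tag:    "var a = #{js_json_literal(close_tag)};"
  }
end
```

`compare_encoders[:entities_breakout]` comes back as `var a = '';alert(1);//';`, which is exactly the breakout the htmlentities gist is vulnerable to; the JSON variants contain no raw quote, angle bracket or ampersand, so the browser sees a single string literal whatever the input was.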
View mitigated_dynamic_render.rb
def show
  template = params[:id]
  # Only a path that the glob itself produced is rendered, so traversal
  # sequences in params[:id] can never match a listed template.
  d = Dir["myfolder/*.erb"]
  if d.include?("myfolder/#{template}.erb")
    render "myfolder/#{template}"
  else
    # throw exception or 404
  end
end
View mitigated_dynamic_render.rb
def show
  template = params[:id]
  # Allowlist: the user value is only ever used as a lookup key, and the
  # template name that reaches render comes from the hash, not the request.
  valid_templates = {
    "dashboard" => "dashboard",
    "profile" => "profile",
    "deals" => "deals"
  }
  if valid_templates.include?(template)
    render "myfolder/#{valid_templates[template]}"
  else
    # throw exception or 404
  end
end
View dynamic_render.rb
# Vulnerable: the template path comes straight from the request, so a crafted
# params[:template] can point render at files outside the intended directory.
def show
  render params[:template]
end
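The three Rails snippets above show the unchecked dynamic render and two ways to pin the template name down. What follows is an added example (mine, not the gist author's code and not Rails) that models only the template-lookup step: a hypothetical `TemplateResolver` class takes the raw `params[:id]` value and returns a path or `nil` for each strategy, and `demo_resolution` drives all of them over a throwaway template directory with a file planted outside it. It goes one step beyond the gists with `resolve_by_canonical_path`, a containment check that does not need every template enumerated; all class, method and file names here are my own.

```ruby
require 'tmpdir'

# Hypothetical stand-in for the controller's template lookup (not Rails, not
# the gist author's code): each method takes the raw params[:id] value and
# returns the template path to render, or nil for a 404.
class TemplateResolver
  # The allowlist from the second mitigated_dynamic_render.rb gist.
  VALID_TEMPLATES = {
    "dashboard" => "dashboard",
    "profile" => "profile",
    "deals" => "deals"
  }.freeze

  def initialize(dir)
    @dir = dir
  end

  # Vulnerable pattern (dynamic_render.rb): the user value goes straight into
  # the path, so "../secret" walks out of the template directory.
  def resolve_unchecked(template)
    File.join(@dir, "#{template}.erb")
  end

  # Mitigation 1 (first mitigated gist): only paths the directory glob itself
  # produced are accepted. A traversal string never equals a globbed entry.
  def resolve_by_glob(template)
    candidate = File.join(@dir, "#{template}.erb")
    Dir[File.join(@dir, "*.erb")].include?(candidate) ? candidate : nil
  end

  # Mitigation 2 (second mitigated gist): an explicit name -> template map;
  # the user value is only ever used as a lookup key.
  def resolve_by_allowlist(template)
    name = VALID_TEMPLATES[template]
    name && File.join(@dir, "#{name}.erb")
  end

  # Beyond the gists: canonicalise the candidate and require it to stay under
  # the template directory. Covers directories with more templates than an
  # allowlist can reasonably enumerate; existence is still checked separately.
  def resolve_by_canonical_path(template)
    base = File.expand_path(@dir)
    candidate = File.expand_path("#{template}.erb", base)
    candidate.start_with?(base + File::SEPARATOR) ? candidate : nil
  end
end

# Builds a throwaway template directory plus a file outside it (constructed
# fixture), then records for each strategy whether the request reaches an
# existing file.
def demo_resolution
  Dir.mktmpdir("render_demo") do |root|
    dir = File.join(root, "myfolder")
    Dir.mkdir(dir)
    %w[dashboard profile deals].each do |name|
      File.write(File.join(dir, "#{name}.erb"), "<h1>#{name}</h1>")
    end
    File.write(File.join(root, "secret.erb"), "must not be renderable")

    resolver = TemplateResolver.new(dir)
    hit = ->(path) { !path.nil? && File.exist?(path) }
    ["dashboard", "../secret", "admin"].map do |id|
      {
        id: id,
        unchecked: hit.(resolver.resolve_unchecked(id)),
        glob: hit.(resolver.resolve_by_glob(id)),
        allowlist: hit.(resolver.resolve_by_allowlist(id)),
        canonical: hit.(resolver.resolve_by_canonical_path(id))
      }
    end
  end
end
```

For `../secret` only the unchecked strategy reaches the planted file; the glob, allowlist and canonical-path checks all return `nil`, and an unknown name such as `admin` is refused by every strategy.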
@forced-request
forced-request / gist:7ff7fe31632c23d47f6c
Created Dec 23, 2014
SlimerJS callbacks not working
View gist:7ff7fe31632c23d47f6c
wp = require("webpage").create();
wp.onAlert = function(text) {
  console.log("Alerted: " + text);
};
wp.content = "<html><body>Hello: <iframe src='f' onerror='prompt(299792458)'></iframe><script>window.alert(\"Normal Func\")</script></body></html>";
wp.evaluate(function (wp) {
}, wp);
View main.rb
require 'lib/request'
puts "hi"