This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
  @@trav_string = '%5c%2e%2e%2f'
  include Msf::Exploit::Remote::HttpClient
  def initialize(info = {})
    super(update_info(info,

/* Tell Node not to crash */
process.on('uncaughtException', function (err) {
  console.log('Caught exception: ', err);
});

def protect_from_forgery(options = {})
  self.request_forgery_protection_token ||= :authenticity_token
  prepend_before_filter :verify_authenticity_token, options
end

def verify_authenticity_token
  unless verified_request?
    logger.warn "WARNING: Can't verify CSRF token authenticity" if logger
    handle_unverified_request
  end
end

def handle_unverified_request
  reset_session
end

def verified_request?
  !protect_against_forgery? || request.get? ||
    form_authenticity_token == params[request_forgery_protection_token] ||
    form_authenticity_token == request.headers['X-CSRF-Token']
end

class ConvertFriendshipTable < ActiveRecord::Migration
  def change
    rename_column :friendships, :sender, :user
  end
end

class FunctionParser
  def test
    # How do I access @vals from sim.rb?
    # puts @vals.inspect
  end
end

<html>
<body>
<script>
var a = "prefix" + <?= json_encode($_GET['p']); ?> + "suffix";
</script>
</body>
</html>

<html>
<body>
<script>
var a = '<?= htmlentities($_GET['p']); ?>';
</script>
</body>
</html>

def show
  template = params[:id]
  d = Dir["myfolder/*.erb"]
  if d.include?("myfolder/#{template}.erb")
    render "myfolder/#{template}"
  else
    # throw exception or 404
  end
end

def show
  template = params[:id]
  valid_templates = {
    "dashboard" => "dashboard",
    "profile"   => "profile",
    "deals"     => "deals"
  }
  if valid_templates.include?(template)