@motoyasu-saburi
motoyasu-saburi / lack_escape_content-disposition_filename.md
Last active June 6, 2024 08:22
Land Mine named "Content-Disposition > filename"

TL;DR

  • I found 1 browser, 1 language, and 15 vulnerabilities in { Web Framework, HTTP Client library, Email library / Web Service, etc }
  • All the vulnerabilities I found were found from a single perspective (I investigated maybe 50-80 products).
  • The RFC description of the problem (rather confusingly) describes the requirements for this problem, while the WHATWG > HTML Spec is well documented.
  • The problem is clearly targeted at the Content-Disposition fields filename and filename*.
  • This problem affects HTTP Request/Response/Email in different ways.
    • HTTP Request : request tampering (especially with file contents, tainting of other fields, etc.)
    • HTTP Response : Reflect File Download vulnerability
    • Email : Attachment tampering (e.g., extension and filename tampering and potential file content tampering)
@veekaybee
veekaybee / chatgpt.md
Last active June 18, 2024 13:49
Everything I understand about chatgpt

ChatGPT Resources

Context

ChatGPT appeared like an explosion on all my social media timelines in early December 2022. While I keep up with machine learning as an industry, I wasn't focused so much on this particular corner, and all the screenshots seemed like they came out of nowhere. What was this model? How did the chat prompting work? What was the context of OpenAI doing this work and collecting my prompts for training data?

I decided to do a quick investigation. Here's all the information I've found so far. I'm aggregating and synthesizing it as I go, so it's currently changing pretty frequently.

Model Architecture

{
  "type": "FeatureCollection",
  "features": [
    {
      "type": "Feature",
      "properties": {},
      "geometry": {
        "coordinates": [
 [
// ==UserScript==
// @name @chaoticvibing Twitter Blue Nerd - twitter.com
// @namespace Violentmonkey Scripts
// @match *://*.twitter.com/*
// @match *://*.x.com/*
// @grant none
// @version 1.9.2
// @author @chaoticvibing - GH @busybox11
// @description 11/9/2022, 11:45:28 PM
// @updateURL https://gist.githubusercontent.com/busybox11/53c76f57a577a47a19fab649a76f18e3/raw
%!PS
200 200 translate/W 300 def/H 200 def/w 150 def/h 100 def/P{1 setgray 0 0 W H
rectfill 0 setgray 0 0 W H rectstroke 0 10 W{dup 0 moveto H lineto}for stroke}
def/A[1 0.6 -1 0.6 50 60]def/B[0 1 1 0.6 0 0]def/C[1 -0.6 0 1 -50 200]def/p{
gsave concat exec P grestore}def 1 0 0{}A p 0 1 0{}B p 1 0 0{0 0 W h rectclip}A
p 0 0 1{}C p 1 0 0{0 0 w H rectclip}A p 0 1 0{w 0 w h rectclip}B p showpage
@AndyObtiva
AndyObtiva / glimmer-dsl-swt-hello-refined-table.rb
Created September 5, 2022 15:47
Glimmer DSL for SWT (JRuby Desktop Development GUI Framework) - Hello, Refined Table! (with Pagination)
require 'glimmer-dsl-swt'
require 'date'
class HelloRefinedTable
  BaseballTeam = Struct.new(:name, :town, :ballpark, keyword_init: true) do
    class << self
      def all
        @all ||= [
          {town: 'Chicago', name: 'White Sox', ballpark: 'Guaranteed Rate Field'},
          {town: 'Cleveland', name: 'Indians', ballpark: 'Progressive Field'},
@AndyObtiva
AndyObtiva / glimmer-dsl-swt-4-24-3-0-hello-table.rb
Last active September 14, 2022 13:49
Glimmer DSL for SWT (JRuby Desktop Development GUI Framework) 4.24.3.0 Hello, Table! Sample
# From: https://github.com/AndyObtiva/glimmer-dsl-swt/blob/master/docs/reference/GLIMMER_SAMPLES.md#hello-table
require 'glimmer-dsl-swt'
class HelloTable
  class BaseballGame
    class << self
      attr_accessor :selected_game
      def all_playoff_games
@AndyObtiva
AndyObtiva / glimmer-dsl-swt-hello-code-text.rb
Created August 23, 2022 01:51
Glimmer DSL for SWT (JRuby Desktop Development GUI Framework) - Hello, Code Text! Sample
# From: https://github.com/AndyObtiva/glimmer-dsl-swt/blob/master/docs/reference/GLIMMER_SAMPLES.md#hello-code-text
require 'glimmer-dsl-swt'
class HelloCodeText
  include Glimmer::UI::CustomShell
  attr_accessor :ruby_code, :js_code, :html_code
  before_body do
    self.ruby_code = <<~RUBY
@ArcaneNibble
ArcaneNibble / dpll.py
Last active August 4, 2022 22:19
Teaching myself about SAT solvers -- DPLL
import sys
def parse_cnf(infn):
    with open(infn, 'r') as f:
        inp = f.readlines()
    # print(inp)
    while inp:
        l = inp[0]
@AndyObtiva
AndyObtiva / glimmer-dsl-libui-basic-child-window.rb
Created July 26, 2022 13:38
Glimmer DSL for LibUI (Ruby Desktop Development GUI Library) - Basic Child Window Example
# From: https://github.com/AndyObtiva/glimmer-dsl-libui#basic-child-window
require 'glimmer-dsl-libui'
include Glimmer
window('Main Window') {
  button('Spawn Child Window') {
    on_clicked do
      window('Child Window') {