motoyasu-saburi

TL;DR

• I found 1 browser, 1 language, and 15 vulnerabilities in { Web Framework, HTTP Client library, Email library / Web Service, etc }
• All the vulnerabilities I found were found from a single perspective (I investigated maybe 50-80 products).
• The RFC description of the problem (rather confusingly) describes the requirements for this problem, while the WHATWG > HTML Spec is well documented.
• The problem is clearly targeted at the Content-Disposition fields filename and filename*.
• This problem affects HTTP Request/Response/Email in different ways.
  • HTTP Request : request tampering (especially with file contents, tainting of other fields, etc.)
  • HTTP Response : Reflect File Download vulnerability

• Email : Attachment tampering (e.g., extension and filename tampering and potential file content tampering)

veekaybee

ChatGPT Resources

Context

ChatGPT appeared like an explosion on all my social media timelines in early December 2022. While I keep up with machine learning as an industry, I wasn't focused so much on this particular corner, and all the screenshots seemed like they came out of nowhere. What was this model? How did the chat prompting work? What was the context of OpenAI doing this work and collecting my prompts for training data?

I decided to do a quick investigation. Here's all the information I've found so far. I'm aggregating and synthesizing it as I go, so it's currently changing pretty frequently.

Model Architecture

diegohaz

{
  "type": "FeatureCollection",
  "features": [
    {
      "type": "Feature",
      "properties": {},
      "geometry": {
        "coordinates": [
 [

busybox11

// ==UserScript==
// @name        @chaoticvibing Twitter Blue Nerd - twitter.com
// @namespace   Violentmonkey Scripts
// @match       *://*.twitter.com/*
// @match       *://*.x.com/*
// @grant       none
// @version     1.9.2
// @author      @chaoticvibing - GH @busybox11
// @description 11/9/2022, 11:45:28 PM
// @updateURL   https://gist.githubusercontent.com/busybox11/53c76f57a577a47a19fab649a76f18e3/raw

nst

%!PS
200 200 translate/W 300 def/H 200 def/w 150 def/h 100 def/P{1 setgray 0 0 W H
rectfill 0 setgray 0 0 W H rectstroke 0 10 W{dup 0 moveto H lineto}for stroke}
def/A[1 0.6 -1 0.6 50 60]def/B[0 1 1 0.6 0 0]def/C[1 -0.6 0 1 -50 200]def/p{
gsave concat exec P grestore}def 1 0 0{}A p 0 1 0{}B p 1 0 0{0 0 W h rectclip}A
p 0 0 1{}C p 1 0 0{0 0 w H rectclip}A p 0 1 0{w 0 w h rectclip}B p showpage

AndyObtiva

require 'glimmer-dsl-swt'
require 'date'

class HelloRefinedTable
  BaseballTeam = Struct.new(:name, :town, :ballpark, keyword_init: true) do
    class << self
      def all
        @all ||= [
          {town: 'Chicago', name: 'White Sox', ballpark: 'Guaranteed Rate Field'},
          {town: 'Cleveland', name: 'Indians', ballpark: 'Progressive Field'},

AndyObtiva

# From: https://github.com/AndyObtiva/glimmer-dsl-swt/blob/master/docs/reference/GLIMMER_SAMPLES.md#hello-table

require 'glimmer-dsl-swt'

class HelloTable
  class BaseballGame
    class << self
      attr_accessor :selected_game
      
      def all_playoff_games

AndyObtiva

# From: https://github.com/AndyObtiva/glimmer-dsl-swt/blob/master/docs/reference/GLIMMER_SAMPLES.md#hello-code-text
require 'glimmer-dsl-swt'

class HelloCodeText
  include Glimmer::UI::CustomShell
  
  attr_accessor :ruby_code, :js_code, :html_code
  
  before_body do
    self.ruby_code = <<~RUBY

ArcaneNibble

import sys


def parse_cnf(infn):
    with open(infn, 'r') as f:
        inp = f.readlines()

    # print(inp)
    while inp:
        l = inp[0]

AndyObtiva

# From: https://github.com/AndyObtiva/glimmer-dsl-libui#basic-child-window

require 'glimmer-dsl-libui'

include Glimmer

window('Main Window') {
  button('Spawn Child Window') {
    on_clicked do
      window('Child Window') {