Category: Web Difficulty: Easy
We were offered a website that generates a pdf from a given URL.
- Enter a URL and submit
ast3ro
/ insomni-hack-2019-03-22-web-ezgen-writeup.md
Created
March 26, 2019 14:58
insomni-hack-2019-03-22-web-ezgen-writeup.md
jonjack
/ add-update-refresh-github-access-token-on-mac.md
Last active
May 1, 2024 02:05
Adding & Updating GitHub Access Token on Mac
Follow the instructions on Github to Create an Access Token in Github
By default, git credentials are not cached so you need to tell Git if you want to avoid having to provide them each time Github requires you to authenticate. On Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account.
You can tell Git you want to store credentials in the osxkeychain by running the following:-
mhmdiaa
/ waybackurls.py
Last active
April 29, 2024 08:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
Being someone who tries to play a lot with Windows memory, I really wanted to play with PANDA, but I was slightly scared because I'd never touched qemu before - all my experience had been with VirtualBox and VMware.
My goal was to install PANDA into a (relatively) clean install of Debian 8 'Jessie', capture a recording and successfully run a PANDA plugin.
cure53
/ 1266386.md
Last active
May 30, 2020 17:55
OTF+SVG allows to read info character by character with only a STYLE injection through XEE & timing
Mozilla Firefox supports a feature that allows to define SVG images inside an OTF font to represent characters. This is useful if we for example want to work with colorful characters, Emoji, animated characters and so on. Firefox is currently the only relevant browser supporting this technology.
The general technology and its advantages are described here:
r41p41
/ CVE-2015-2545_375e51a989525cfec8296faaffdefa35
Created
February 4, 2016 16:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86 | |
| Copyright (c) Microsoft Corporation. All rights reserved. | |
| *** wait with pending attach | |
| Symbol search path is: *** Invalid *** | |
| **************************************************************************** | |
| * Symbol loading may be unreliable without a symbol search path. * | |
| * Use .symfix to have the debugger choose a symbol path. * | |
| * After setting your symbol path, use .reload to refresh symbol locations. * |
nishimunea
/ cve_2015_6759.md
Created
December 18, 2015 21:26
これは「脆弱性"&'<<>\ Advent Calendar 2015」の12月19日の記事です。
この記事では Chrome 46 で修正された CVE-2015-6759 を紹介します。この脆弱性は先月の AVTOKYO 2015 でも披露したので、ご存じの方もいるかもしれません。
この脆弱性は、data: と blob: という2つの特殊なURLを組み合わせることにより、Chrome のオリジン判定を誤らせ、結果として、ネットワーク上から file: スキームの localStorage のデータを読み出すことができるというものです。仮にユーザが file: スキームの localStorage にトークンなどの機密情報を格納している場合、悪意のあるリンクを開くだけでそれらの情報が盗まれてしまいます。
この脆弱性のメカニズムはやや複雑ですので、data: URL と blob: URL の性質から順を追って説明します。これらをある程度知っている方は、前半部分を読み飛ばしても構いません。
bnagy
/ pollenate.rb
Last active
April 22, 2016 20:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env ruby | |
| # Pollenate ONE sync dir from each target into all other | |
| # targets fuzzing the same format. Assumes that work | |
| # dirs are named as by github.com/bnagy/afl-launch. | |
| # | |
| # Each target syncs inside its own directory already | |
| # so copying any of the sync dirs works. It is possible | |
| # that you'll miss some stuff, but it saves N * N-1 sync | |
| # |
MSEdge
/ IE-Edge-diff.idl
Last active
January 29, 2022 23:18
Proprietary / Non-Inteoperable IE APIs no longer in Microsoft Edge
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| interface AesGcmEncryptResult { | |
| readonly attribute ArrayBuffer ciphertext; | |
| readonly attribute ArrayBuffer tag; | |
| }; | |
| interface BookmarkCollection { | |
| readonly attribute long length; | |
| any item(unsigned long index); |
rongarret
/ gist:d8987c9cd57bd768e1de
Last active
August 29, 2015 14:17
Safari FILE: scheme security hole
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| It appears that Safari does not enforce any kind of access | |
| restrictions for XMLHTTPRequests on FILE: scheme URLs. As a | |
| result, any HTML file on the local file system that is opened in | |
| Safari can read any file that the user has access to (and, of | |
| course, it can upload those files too). Here's a little | |
| proof-of-concept. Copy and paste this into a local HTML file and | |
| open it in Safari. It will display the contents of /etc/passwd. | |
| <script src=https://code.jquery.com/jquery-2.1.3.min.js></script> | |
| <script> |
NewerOlder