This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# RVM | |
\curl -sSL https://get.rvm.io | bash | |
# Ruby | |
rvm install ruby-3.3.6 | |
rvm use ruby-3.3.6 | |
# Rails | |
gem install rails |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
URL="https://pocs.hahwul.com/xss.js" # Target | |
NEW_FILE="new_body.txt" | |
OLD_FILE="old_body.txt" | |
wget -qO- "$URL" > "$NEW_FILE" | |
if [ -f "$OLD_FILE" ]; then | |
if ! diff -q "$OLD_FILE" "$NEW_FILE" > /dev/null; then |
Postviewer v3 writeup by @terjanq
As it always have been with my challenges for Google CTF, they are based on real bugs I found internally. This year is a bit different though. This time the bugs were crafted by no other than me myself. One bug didn't manage to reach the production and the other is still present in prod making it effectively a 0day!
Both of my challenges (Postviewer v3 & Game Arcade) for this year are related to a sandboxing I've been working since the first postviewer challenge. You can read a little bit about it in
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<%= area_chart Rails.cache.read("data1") %> | |
<%= area_chart Rails.cache.read("data2") %> | |
<%= area_chart Rails.cache.read("data3") %> | |
<script> | |
let eChartTriggerList = document.querySelectorAll('[id^="rails_charts_"]') | |
window.addEventListener('resize', function() { | |
let eChartList = [...eChartTriggerList].map(eChartTriggerEl => echarts.init(eChartTriggerEl).resize()) | |
}); | |
</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function createHeadingLinks(){ | |
const headings = document.querySelectorAll('h2[id],h3[id]'); | |
const linkContent = '#'; | |
for (const heading of headings) { | |
const linkIcon = document.createElement('a'); | |
linkIcon.setAttribute('href', `#${heading.id}`); | |
linkIcon.setAttribute('style', 'color: #aaa'); | |
linkIcon.innerHTML = linkContent; | |
heading.appendChild(linkIcon); | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git ls-files | xargs cat | wc -l |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Get all workers | |
SolidQueue::Process.all | |
# Get Pause and Ready Job | |
SolidQueue::Pause.all.pluck(:queue_name) | |
SolidQueue::ReadyExecution.where("queue_name LIKE ?", "dc_development_%").distinct(:queue_name).pluck(:queue_name) | |
# Get Failed Job | |
SolidQueue::FailedExecution.all | |
SolidQueue::FailedExecution.count |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>PayloadContent</key> | |
<array> | |
<dict> | |
<key>PayloadDescription</key> | |
<string>Enable proxy settings for ZAP</string> | |
<key>PayloadDisplayName</key> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The operation couldn’t be completed. Unable to locate a Java Runtime that supports jarsigner. | |
# Please visit http://www.java.com for information on installing Java. | |
brew install openjdk@11 | |
sudo ln -sfn $(brew --prefix)/opt/openjdk@11/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-11.jdk |
NewerOlder