hackermondev

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

terjanq

Postviewer v3 writeup by @terjanq

As it always have been with my challenges for Google CTF, they are based on real bugs I found internally. This year is a bit different though. This time the bugs were crafted by no other than me myself. One bug didn't manage to reach the production and the other is still present in prod making it effectively a 0day!

Both of my challenges (Postviewer v3 & Game Arcade) for this year are related to a sandboxing I've been working since the first postviewer challenge. You can read a little bit about it in

dhh

# THIS LINUX SETUP SCRIPT HAS MORPHED INTO A WHOLE PROJECT: HTTPS://OMAKUB.ORG
# PLEASE CHECKOUT THAT PROJECT INSTEAD OF THIS OUTDATED SETUP SCRIPT.
#
#

# Libraries and infrastructure
sudo apt update -y
sudo apt install -y \
	docker.io docker-buildx \
	build-essential pkg-config autoconf bison rustc cargo clang \

hahwul

# Get all workers
SolidQueue::Process.all

# Get Pause and Ready Job
SolidQueue::Pause.all.pluck(:queue_name)
SolidQueue::ReadyExecution.where("queue_name LIKE ?", "dc_development_%").distinct(:queue_name).pluck(:queue_name)

# Get Failed Job
SolidQueue::FailedExecution.all
SolidQueue::FailedExecution.count

adulau

Introduction

This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.

Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.

References

• CVE-2023-44487, CIRCL CVE Search
• How AWS protects customers from DDoS events, AWS

cpursley

PostgreSQL is Enough

• Simplify: move code into database functions
• Just Use Postgres for Everything
• Just use Postgres
• PostgreSQL is the worlds’ best database
• Postgres is eating the database world
• Hacker News discussion

Background and Cron Jobs

ikrishagarwal

Setup ZSH

This gist will guide you through to setup starship along with zsh suggestions and zsh syntax highlight for your codespaces.

Table of Contents

• Setup Starship
• Install Auto Suggestions
• Install ZSH Syntax Highlighting

esell

At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC


- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (i did it on ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT

Gnzlt

#!/bin/bash

gource \
    -s .03 \
    -1280x720 \
    --auto-skip-seconds .1 \
    --multi-sampling \
    --stop-at-end \
    --key \
    --highlight-users \

straight-shoota

def bob
  10.times do
    puts "B"
    sleep 0.006
  end
end

def alice
  3.times do
    puts "A"