Jeremy Walker iHiD

@iHiD
iHiD / show_output_xss.html
Created June 25, 2012 14:32
Security Article Part 3 - 4
<h2>My First Blog Post</h2>
<div id="content">
&lt;script&gt;
setInterval(function() {
alert("I'm annoying!!!")
}, 50)
&lt;/script&gt;
</div>
@iHiD
iHiD / show_output.html
Created June 25, 2012 14:25
Security Article Part 3 - 3
<h2>My First Blog Post</h2>
<div id="content">
<script>
setInterval(function() {
alert("I'm annoying!!!")
}, 50)
</script>
</div>
@iHiD
iHiD / show.html.erb
Created June 25, 2012 14:23
Security Article Part 3 - 2
<h2><%= @blog_post.title %></h2>
<div id="content"><%= @blog_post.content %></div>
@iHiD
iHiD / malicious.html
Created June 25, 2012 14:21
Security Article Part 3 - 1
<script>
setInterval(function() {
alert("I'm annoying!!!")
}, 50)
</script>
@iHiD
iHiD / gemfile_parser.rb
Created June 18, 2012 10:42 — forked from reiz/gemfile parser
Parsing a Gemfile
require 'net/http'
require 'uri'

def self.create_from_gemfile_url ( url )
  return nil if url.nil?
  # Rewrite a GitHub "blob" page URL to the raw-file host so the Gemfile text itself is fetched
  if url.match(/^https:\/\/github.com\//)
    url = url.gsub("https://github.com", "https://raw.github.com")
    url = url.gsub("/blob/", "/")
  end
  uri = URI.parse( url )
  http = Net::HTTP.new(uri.host, uri.port)
  # Only enable TLS for port 443; any other port is fetched in the clear
  if uri.port == 443
    http.use_ssl = true
  end
  # truncated in the gist listing
end
@iHiD
iHiD / speaker.md
Created June 12, 2012 15:41 — forked from matiaskorhonen/speaker.md
Frozen Rails Talk Proposal Template (http://2012.frozenrails.eu/)
@iHiD
iHiD / ProjectsController.rb
Created June 10, 2012 14:51
Security Article Part 2 - 12
class ProjectsController < ApplicationController
  def index
    @project = current_user.projects.where('name LIKE ?', "#{params[:name]}%")
    #...
  end
end
@iHiD
iHiD / injection_opts.rb
Created June 10, 2012 14:47
Security Article Part 2 - 11
# Use a hash
Project.where(:user_id => current_user.id)
# Use placeholders
Project.where("user_id = ?", current_user.id)
# Use bind variables
Project.where("user_id = :user_id", {:user_id => current_user.id})
@iHiD
iHiD / safe_sql.rb
Created June 10, 2012 14:39
Security Article Part 2 - 10
@projects = Project.where(:user_id => current_user.id).
            where('name LIKE ?', "#{params[:name]}%")
@iHiD
iHiD / vulnerable.sql
Created June 10, 2012 14:34
Security Article Part 2 - 9
SELECT * FROM "projects"
WHERE user_id = 1
AND name LIKE '' OR created_at LIKE '%'