Skip to content

Instantly share code, notes, and snippets.

View mchow01's full-sized avatar

Ming Chow mchow01

257 followers · 4 following
View GitHub Profile
@mchow01
mchow01 / secure_random.m
Created October 10, 2013 01:21
Generate 100 cryptographically secure random integers between 0 - 99 inclusive in Objective-C.
FILE *fp = fopen("/dev/random", "r");
if (!fp) {
/*UIAlertView *error = [[UIAlertView alloc]initWithTitle:@"Failure"
message:@"Sorry, cryptographically secure random numbers could not be generated."
delegate:self
cancelButtonTitle:@"Ok"
otherButtonTitles:nil, nil];
[error show];*/
}
@mchow01
mchow01 / create_image_cache.sh
Last active December 25, 2015 11:19
This shell script will batch create image thumbnails, 100x100, preserving aspect ratio, for images in a directory of images. imagemagick is required! To run: bash ./batch_thumbnail_creator.sh
#!/bin/sh
for filename in *
do
if [ "$filename" != "cache" -a "$filename" != "create_cache.sh" -a ! -f "cache/${filename}"
]; then
mkdir "cache/${filename}"
fi
done
@mchow01
mchow01 / batch_download.sh
Created December 13, 2013 14:03
Download remote files listed in a given input file of URLs
#!/bin/bash
# From http://stackoverflow.com/questions/10929453/bash-scripting-read-file-line-by-line
while read line
do
img=$(echo $line | sed -e 's/\r//g') # remove carriage return
wget $img
done < $1
@mchow01
mchow01 / mongodb_injection_nodejs.txt
Last active December 12, 2021 23:27
MongoDB Request Injection Attack in Node.js + Express Web Applications
Overview
========
Students in my Web Programming class (G. Brown, S. Prassad, et al)
discovered that MongoDB request injection attacks also work on Node.js
+ Express web applications. MongoDB request injection attacks have
been known for PHP web applications.
Impact
======
Attacker can view and download all the data in a MongoDB database
@mchow01
mchow01 / nokogiri_example.rb
Created October 17, 2014 23:03
Using Nokogiri to Parse a XML File (hosted remotely)
@companies = []
begin
doc = Nokogiri::XML(open("https://rss.myinterfase.com/rss/tufts_Fall_Fair_2014_Empl_Reg_xml.xml"))
doc.css('Row').each do |elem|
# http://stackoverflow.com/questions/13520162/ruby-capitalize-every-word-first-letter
@companies << {:name => elem.css('orgname').text, :url => elem.css('reg_cnt_website').text}
end
@companies = @companies.sort_by{ |k| k[:name] }
rescue
end
@mchow01
mchow01 / hackme.php
Created October 20, 2014 01:55
Simple yet vulnerable code that is used to demonstrate cross-site scripting, remote code execution, and bypassing client-side input validation,
<!DOCTYPE html>
<?php
if (!empty($_GET["id"])) {
$id = eval($_GET["id"]);
$id = $_GET["id"];
$str = "<h1>id parameter is " . $id . "</h1>";
}
if (!empty($_POST["fullname"])) {
$price = $_POST["price"];
@mchow01
mchow01 / TWTR-mysql.py
Last active May 7, 2020 17:36
Store tweets from a Twitter timeline into a MySQL database using Tweepy
import tweepy
import MySQLdb
import sys
# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html
# Keys
consumer_key = ''
consumer_secret = ''
access_token = ''
@mchow01
mchow01 / TWTR-psql.py
Last active December 21, 2020 04:25
Store tweets from a Twitter timeline into a PostgreSQL database using Tweepy
import tweepy
import psycopg2
# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html
# psycopg2 API doc here: http://initd.org/psycopg/docs/
# Keys
consumer_key = ''
consumer_secret = ''
access_token = ''
@mchow01
mchow01 / TWTR-mongo.py
Created March 16, 2015 20:13
Store tweets from a Twitter timeline into a Mongo database using Tweepy
import tweepy
import pymongo
# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html
# PyMongo API doc here: https://pypi.python.org/pypi/pymongo/
# Keys
consumer_key = ''
consumer_secret = ''
access_token = ''
@mchow01
mchow01 / TWTR-tracker.py
Last active July 6, 2020 21:12
Twitter Stream Tracker + Inserting Data into (MySQL) Database
import tweepy
import MySQLdb
import sys
import os
import logging
# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html
# Keys
consumer_key = os.getenv("TWITTER_CONSUMER_KEY")