Yesterday I posted a little quiz on Twitter about HTML parsing.
The question was: what element is going to be the parent of the final <s>
in the following snippet of HTML:
<div><table><svg><foreignObject><select><table><s>
The final answers are:
# Values from the white paper
EXAMPLE_PHDR = 'L2 F\' B2 U D2 B U D\' F2 L\' F U2 R U\' L\' R\' U\' B F D U\''.split(" ")
EXAMPLE_LHDR = 'B U2 D2 R\' F U2 B R L\' B L\' B L\' D F\' L U\' B2 R F2 L\' F2'.split(" ")
EXAMPLE_MSG = 'F L U2 L2 F\' B D\' B2 L\' B\' U L2 F\' R2 D\' B\' U\' L\' B R D2 L2 R\' B F2 D\' U R B D2 U2 R2 U\' F2 R2 F D F2 B2 D\' R\' D R\' U\' F\' B2 U F2 D R U L F U2 L2 D R B D\' B\' U L U\''.split(" ")
# Values from the challenge
CHALL_PHDR = 'B2 R U F\' R\' L\' B B2 L F D D\' R\' F2 D\' R R D2 B\' L R'.split(" ")
CHALL_LHDR = 'L\' L B F2 R2 F2 R\' L F\' B\' R D\' D\' F U2 B\' U U D\' U2 F\''.split(" ")
CHALL_MSG = 'L F\' F2 R B R R F2 F\' R2 D F\' U L U\' U\' U F D F2 U R U\' F U B2 B U2 D B F2 D2 L2 L2 B\' F\' D\' L2 D U2 U2 D2 U B\' F D R2 U2 R\' B\' F2 D\' D B\' U B\' D B\' F\' U\' R U U\' L\' L\' U2 F2 R R F L2 B2 L2 B B\' D R R\' U L'.split(" ")
[6:48 pm] <Guest25582> http://oortr.com/YmU5NT
[6:48 pm] <valorie> rather than pasting a random link, why not say what it is, Guest25582?
[6:48 pm] <Guest25582> Allah is doing
[6:48 pm] <Guest25582> sun is not doing Allah is doing
[6:48 pm] <Guest25582> moon is not doing Allah is doing
[6:48 pm] <meflin> this channel is about GSOC
[6:48 pm] <Guest25582> stars are not doing Allah is doing
[6:48 pm] <valorie> please stay on topic or leave, Guest25582
[6:48 pm] <Guest25582> planets are not doing Allah is doing
[6:48 pm] <valorie> pfff
#!/usr/bin/env ruby
# gem install activesupport
require 'active_support/inflector'
require 'active_support/core_ext/string'
# gem install webrick (only ruby3)
require 'webrick'
# gem install mechanize
Select all and delete (actually move to buffer)
:%d
Select all and copy to buffer
:%y
Use p to paste the buffer.
Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. Broken Link Hijacking comes in two forms, reflected and stored. This issue has been exploited in the wild numerous times, but surprisingly few researchers actively look for broken links in bug bounty programs.
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
# This is a proof-of-concept for a security bug in GitHub Actions which has since been fixed.
# See https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html for more information.
# The proof-of-concept was only ever used in a test environment to validate the existence of the
# vulnerability, and is shown here for educational purposes.
#
# The proof-of-concept would have the effect of creating a `vandalism.md` file, containing vandalism,
# on the default branch of a victim repository.
#
# To use the proof-of-concept, the steps would have been:
# 1. Fork the victim repository
#!/usr/bin/env python3
from scapy.all import *
from py2neo import Graph, Node, Relationship
# Load the capture and connect to the local Neo4j instance
packets = rdpcap("<your_pcap_file>")
g = Graph(password="<your_neo4j_password>")
# sessions() returns a dict; iterating it yields the session key strings
for packet in packets.sessions():
    pkt = packet.split()
"""
A Bitbucket Builds template for deploying
an application to AWS Elastic Beanstalk
joshcb@amazon.com
v1.0.0
"""
from __future__ import print_function
import os
import sys
from time import strftime, sleep