Nik Cubrilovic nikcub

## clear-ga.sh
#!/bin/bash
#
# shell script will clear all google analytics cookies from chrome cookie store
#
SQ3=`which sqlite3`
$SQ3 ~/Library/Application\ Support/Google/Chrome/Default/Cookies "delete from cookies where name like '__u%'"

## nav.js
// get the map element
var el = $('.map')[0];

// amount in pixels we want to move each keypress/hold
var move = 200;

function fakeMouseEvent(type, x, y) {
    var evt = document.createEvent("MouseEvents");
    evt.initMouseEvent(type, true, true, window,
                       0, 0, 0, x, y, false, false, false, false, 0, null);

## gist:2634960

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                nikcub
                / gist:2634960
            
            
              Created
              May 8, 2012 13:25
            
              
                Comic Sansify
              
          
    Comicsansify;")

  
## admin.less
// to build:
// lessc <filename> > site.css
// lessc <filename> > site.min.css --compress

// the swatch
@color1:  #55626b;
@color2:  #6c9380;
@color3:  #c1ca55;
@color4:  #f07d6b;
@color5:  #ad5472;

## mails.sh
#!/bin/sh

/usr/bin/osascript > /dev/null <<ASCPT
  set stdinText to "$(cat | sed -e 's/\\/\\\\/g' -e 's/\"/\\\"/g')"
  set recName to "Nik Cubrilovic"
  set recAddr to "nikcub@gmail.com"
  set theSubject to "Email from standard input"

  tell application "Mail"


## mails.sh
#!/bin/sh

/usr/bin/osascript > /dev/null <<ASCPT
  set stdinText to "$(cat | sed -e 's/\\/\\\\/g' -e 's/\"/\\\"/g')"
  set recipientName to "John Doe"
  set recipientAddress to "nobody@nowhere.com"
  set theSubject to "Email from standard input"
  set theContent to "This email was created and sent using AppleScript!"

  tell application "Mail"

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                nikcub
                / keybase.md
            
            
              Created
              March 9, 2015 22:58
            
              
                keybase.md
              
          
    Keybase proof

I hereby claim:

I am nikcub on github.
I am nikcub (https://keybase.io/nikcub) on keybase.
I have a public key whose fingerprint is E207 612C E504 10EF B789  6E34 2E4C E6CA 3D38 5CC5

To claim this, I am signing this object:

  
## tor-upgrade.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                nikcub
                / tor-upgrade.md
            
            
              Last active
              August 29, 2015 14:10
            
              
                Tor HTTP to Onion Upgrade Protocol Draft Proposal
              
          
    Tor HTTP Upgrade Protocol Draft Proposal

Version 0.1
6th December 2014
This is very much a draft - there are many security, privacy and performance considerations
1. Background


## test.php
$ids = array_map('trim', $_POST['ids']);
$ids = array_map('intval', $ids);
$ids = implode(',', array_values($ids));
$db->query("SELECT * from table where id IN(" . $ids . ")");

## disqus-xss.html
<!--
Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5

Blog post explainer: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/

12th August 2014

Nik Cubrilovic - www.nikcub.com

Most of these params are unfiltered/injectable. Not framable on newer Wordpress.
	#!/bin/bash
	#
	# shell script will clear all google analytics cookies from chrome cookie store
	#
	SQ3=`which sqlite3`
	$SQ3 ~/Library/Application\ Support/Google/Chrome/Default/Cookies "delete from cookies where name like '__u%'"
	// to build:
	// lessc <filename> > site.css
	// lessc <filename> > site.min.css --compress

	// the swatch
	@color1: #55626b;
	@color2: #6c9380;
	@color3: #c1ca55;
	@color4: #f07d6b;
	@color5: #ad5472;
	#!/bin/sh

	/usr/bin/osascript > /dev/null <<ASCPT
	set stdinText to "$(cat \| sed -e 's/\\/\\\\/g' -e 's/\"/\\\"/g')"
	set recName to "Nik Cubrilovic"
	set recAddr to "nikcub@gmail.com"
	set theSubject to "Email from standard input"

	tell application "Mail"
	$ids = array_map('trim', $_POST['ids']);
	$ids = array_map('intval', $ids);
	$ids = implode(',', array_values($ids));
	$db->query("SELECT * from table where id IN(" . $ids . ")");
	<!--
	Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5

	Blog post explainer: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/

	12th August 2014

	Nik Cubrilovic - www.nikcub.com

	Most of these params are unfiltered/injectable. Not framable on newer Wordpress.