Robert Kugler robertchrk

mikesparr / gcp-audit-log-sink-bigquery-gcloud.sh
Last active November 2, 2023 11:41
Example setting up aggregate log sink for Audit Logs on Google Cloud Platform (GCP) shipping to BigQuery
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/logging/docs/export/aggregated_sinks
# - https://cloud.google.com/bigquery/docs/datasets#bq
# - https://cloud.google.com/bigquery/docs/access-control-basic-roles
#####################################################################
export PROJECT_ID=$(gcloud config get-value project)

Multiple vulnerabilities in jQuery Mobile

Summary

All current versions of jQuery Mobile (JQM) as of 2019-05-04 are vulnerable to DOM-based Cross-Site Scripting (XSS) via crafted URLs. In JQM versions up to and including 1.2.1, the only requirement is that the library is included in a web application. In versions later than 1.2.1, the web application must also contain a server-side API that reflects user input back as part of an HTTP response of any type. Practically all non-trivial web applications contain at least one such API.

Additionally, all current versions of JQM contain a broken implementation of a URL parser, which can lead to security issues in affected applications.