Saad Azghour saadazghour
CVE-2020-11976 - Apache Wicket LFI / markup source file read vulnerability
------------------------------------------
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates.
This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering.
Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5.
For example if there are credentials in the markup which are never supposed to be visible to the client:
<wicket:remove>
@michelem09
michelem09 / generate-eth-wallet-keypair.js
Created July 24, 2018 15:21
Programmatically generate keypair for Ethereum wallet: private key, public key and address
var keythereum = require('keythereum');
var Wallet = require('ethereumjs-wallet');
// Generate private key
var dk = keythereum.create();
var keyObject = keythereum.dump('password', dk.privateKey, dk.salt, dk.iv);
var privateKeyString = dk.privateKey.toString('hex');
console.log('Private key', privateKeyString);
// Get public key
@dimitrov
dimitrov / messages.html
Created April 26, 2015 20:30
Bootstrap Alerts for Django
{% if messages %}
{% for message in messages %}
<div class="alert alert-{{ message.tags }} alert-dismissible text-center" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<strong>{% if message.level == DEFAULT_MESSAGE_LEVELS.ERROR %}Error{% else %}{{ message.tags|title }}{% endif %}!</strong> {{ message }}
</div>
{% endfor %}
{% endif %}
// Place your settings in this file to overwrite the default settings
{
"breadcrumbs.enabled": true,
"editor.acceptSuggestionOnEnter": "on",
"editor.detectIndentation": false,
"editor.fontFamily": "'Source Code Pro', Menlo, Consolas, Courier, monospace",
"editor.fontSize": 11,
"editor.formatOnSave": true,
"editor.multiCursorModifier": "ctrlCmd",
"editor.quickSuggestions": {
@screetsec
screetsec / gist:6ee948503960f1b9d4b7b8465aea2d73
Last active May 25, 2023 16:16
One Liner to get Hidden URL Parameter from Passive scan using Web Archive. Regex using DFA Engine, Support and Collecting URL with multi Parameter to Fuzzing & Removing Duplicate
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt
@martin-mok
martin-mok / CaesarsCipher.md
Last active July 5, 2023 16:56
freecodecamp: Caesars Cipher

Description

One of the simplest and most widely known ciphers is a Caesar cipher, also known as a shift cipher. In a shift cipher the meanings of the letters are shifted by some set amount. A common modern use is the ROT13 cipher, where the values of the letters are shifted by 13 places. Thus 'A' ↔ 'N', 'B' ↔ 'O' and so on. Write a function which takes a ROT13 encoded string as input and returns a decoded string. All letters will be uppercase. Do not transform any non-alphabetic character (i.e. spaces, punctuation), but do pass them on.

Tests

@ldong
ldong / download_egghead_videos.md
Last active December 7, 2023 16:16
download egghead videos

Download videos from egghead

Go to the egghead website, i.e. Building a React.js App

run

$.each($('h4 a'), function(index, video){
  console.log(video.href);
});
@christiangenco
christiangenco / download_egghead_videos.md
Last active January 29, 2024 03:16 — forked from ldong/download_egghead_videos.md
download egghead videos
@letanure
letanure / README.md
Created January 3, 2018 16:13 — forked from kerryboyko/README.md
VueJS Best Practices Guide

Deverus Vue.js Style Guide

Guide for developing Vue.js applications.

v. 0.0.1

Vue.js is an amazing framework, which can be as powerful as Angular or React, the two big heavy hitters in the world of front-end frameworks.

However, most of Vue's ease-of-use is due to the use of Observables - a pattern that triggers re-renders and other function calls with the reassignment of a variable.

@t4sk
t4sk / wif.md
Last active July 7, 2024 00:23
How to convert private key to WIF

How to convert private key to WIF

0. Overview

WIF = base58check encode ([version byte][private key][checksum])

version byte = 80 for mainnet, ef for testnet and regtest

checksum = first 4 bytes of double SHA256 of private key