Michal Špaček spaze

🔒
https://localhost/?bbq="omg">'wtf'
@spaze
spaze / README-azure-storage-php-patches.md
Last active Mar 24, 2022
azure-storage-php composer patches for cweagans/composer-patches
View README-azure-storage-php-patches.md
  1. Install composer-patches plugin

         composer require cweagans/composer-patches

  2. Download all the files (*.diff & *.json) to the patches subdirectory of your project

  3. Add the following to your composer.json:

	"extra": {
@spaze
spaze / cert.pem
Created Jun 5, 2021
Self signed cert expiring in one day
View cert.pem
-----BEGIN CERTIFICATE-----
@spaze
spaze / index.php
Created Apr 10, 2021
xsssk sources snippet
View index.php
<?php
function index()
{
    echo ascii('xsssk');
}
function rick()
{
    header('Location: https://media.giphy.com/media/Vuw9m5wXviFIQ/giphy.gif', true, 301);
}
@spaze
spaze / find-cve-2020-15227.sh
Last active May 20, 2021
CVE-2020-15227 nette/application RCE in-place patch
View find-cve-2020-15227.sh
#!/bin/bash
# Find files in CVE-2020-15227 nette/application issue
# by @spazef0rze
# Run with `bash find-cve-2020-15227.sh`, works on Linux, FreeBSD, tested on Ubuntu 18.04, FreeBSD 11.4
# This is a universal finder for all affected versions.
# Requirements: find, grep, bash (might work with your default shell but YMMV)
# The fixes:
@spaze
spaze / cz-stripped-subdomains.txt
Last active Mar 3, 2020 — forked from kokes/cz.txt
.cz domains *potentially* affected by this CAA problem https://letsencrypt.org/caaproblem/ - test at https://unboundtest.com/caaproblem.html
View cz-stripped-subdomains.txt
# Stripped subdomains (foo.example.com => example.com, doesn't mean example.com was in the original list)
# regex [a-z*0-9\-]+\.cz(?=[ \]])
View haveibeencaffeinated.php
<?php
// https://en.wikipedia.org/wiki/Category:Coffee_brands
$covfefes = [
    'alterracoffeeroasters',
    'angiangcoffee',
    'angelinus',
    'autocrat',
    'barcaffe',
    'batdorfbronson',
    'bewleys',
@spaze
spaze / pbkdf2-symfony-polyfill.php
Last active Oct 12, 2018
Symfony's PBKDF2 polyfill benchmark (TL;DR it's slow, DO NOT USE, use hash_pbkdf2 available in PHP 5.5+ if you must use PBKDF2 but just use password_hash) for the thread here https://twitter.com/spazef0rze/status/1050436425559302147
View pbkdf2-symfony-polyfill.php
<?php
function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
{
    // Number of blocks needed to create the derived key
    $blocks = ceil($length / strlen(hash($algorithm, null, true)));
    $digest = '';
    for ($i = 1; $i <= $blocks; $i++) {
        $ib = $block = hash_hmac($algorithm, $salt . pack('N', $i), $password, true);
        // Iterations
        for ($j = 1; $j < $iterations; $j++) {
@spaze
spaze / 307timing.txt
Created Mar 8, 2018
The 307 timing includes 200's content download
View 307timing.txt
662538: URL_REQUEST
http://www.michalspacek.cz/
Start Time: 2018-03-09 00:52:52.274
t=10702 [st= 0] +REQUEST_ALIVE [dt=76]
--> priority = "HIGHEST"
--> url = "http://www.michalspacek.cz/"
t=10702 [st= 0] URL_REQUEST_DELEGATE [dt=1]
t=10703 [st= 1] +URL_REQUEST_START_JOB [dt=0]
--> load_flags = 37122 (BYPASS_CACHE | MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE | VERIFY_EV_CERT)
View result.txt
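| id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra |
|----|-------------|-------|------------|------|---------------|-----|---------|-----|------|----------|-------|
| 1 | SIMPLE | foo | | ref | code | code | 34 | const | 1 | 100.00 | Using index |

| id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra |
|----|-------------|-------|------------|------|---------------|-----|---------|-----|------|----------|-------|
| 1 | SIMPLE | foo | | index | code | code | 34 | | 12 | 10.00 | "Using where; Using index" |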
@spaze
spaze / ssls-letsencrypt.md
Last active Mar 15, 2018
Open reply to ssls.cz to the e-mail with the subject "Warning: Domain security"
View ssls-letsencrypt.md

The operators of ssls.cz sent an e-mail to customers who had previously bought certificates from them but switched to certificates from Let's Encrypt. You can find a sample of that e-mail at https://twitter.com/parisek/status/802847950863011840, and a similar comparison table is also at https://www.ssls.cz/lets-encrypt.html. I wrote ssls.cz an open reply, which you can find unchanged below. (I only fixed typos and missing punctuation marks, thanks for reporting them.)

Hello,

(I am writing this reply as an open letter, I have also published it at https://gist.github.com/spaze/e081b948b8cd7d06dddbe9e6fa65c5ac)

thanks for the e-mail, I am a former customer of yours, and you will not win me back with a text like this, which contains misleading and even untrue information. For me