I hereby claim:
- I am thedroidgeek on github.
- I am thedroidgeek (https://keybase.io/thedroidgeek) on keybase.
- I have a public key whose fingerprint is B83D F329 A98D D3B7 007B FBF4 52B2 120E AA07 71AA
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
#!/usr/bin/env python | |
# | |
# learning python and making use of my ocd by sharing heavily commented scripts | |
# i've probably spent too much time on because i had nothing better to do (part 1): | |
# solution for a pwn challenge (the name of which is intentionally omitted to prevent spoilers) | |
# binary: https://bit.ly/2Pdu90o | |
# | |
# by Sami Alaoui (thedroidgeek) | |
# |
#!/usr/bin/env python3 | |
# | |
# Nokia/Alcatel-Lucent router backup configuration tool | |
# | |
# Features: | |
# - Unpack/repack .cfg files generated from the backup and restore functionnality | |
# in order to modify the full router configuration | |
# - Decrypt/encrypt the passwords/secret values present in the configuration |
; | |
; An autohotkey script for MSI gaming laptops that have swapped Win & Fn keys | |
; to add macros for the Menu key and media controls | |
; | |
; Fn (single press): Meny key (Shift+F10) | |
; Fn + Ctrl: Play/Pause | |
; Fn + Ctrl + ⇦: Previous | |
; Fn + Ctrl + ⇨: Next | |
; |
A reflected XSS vulnerability via a POST request to /tool/ack.php affecting all ProjectOr versions up to v11.0.2 (unpatched)
It was possible to bypass the very basic and incomplete security measure (detection of the <script> tag) that exists in the checkValidHtmlText() function of the /model/Security.php file of the solution.