mysql-binuuid-rails is vulnerable to SQL injection: Model.where(uuid: "ff' OR ''='") turns into:
SELECT `model`.* FROM `model` WHERE `model`.`uuid` = x'ff' OR ''='' LIMIT 11
Stanisław Pitucha viraptor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BEGIN { | |
| st_waitnewconn = 0 | |
| st_headers = 1 | |
| st_body = 2 | |
| size_threshold = 4000 | |
| } | |
| function count_headers(headers_string, dir) { | |
| split(headers_string, headers, "\n") |
viraptor
/ process.py
Created
July 30, 2019 09:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| from collections import defaultdict | |
| import hashlib | |
| def calc_hash(line, num): | |
| m = hashlib.sha256() | |
| m.update(line.encode('ascii')) | |
| m.update(b",") |
viraptor
/ CVE-2018-18476.md
Last active
October 23, 2018 12:54
viraptor
/ addr tests
Created
May 16, 2010 20:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import net/[Address] | |
| import proof | |
| test("same ip4 addresses", func () { | |
| ip1 := IP4Address new("1.2.3.4") | |
| ip2 := IP4Address new("1.2.3.4") | |
| assert(ip1 == ip2) | |
| assert(!(ip1 != ip2)) | |
| }) |
viraptor
/ middleware.py
Created
January 23, 2010 02:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| if asbool(static_files): | |
| # Serve static files | |
| static_app = StaticURLParser(config['pylons.paths']['static_files']) | |
| app = Cascade([static_app, app]) | |
| app = CloseConnection(app) | |
| return app | |
| class CloseConnection: |
viraptor
/ keybase.md
Created
March 12, 2015 22:40
I hereby claim:
- I am viraptor on github.
- I am viraptor (https://keybase.io/viraptor) on keybase.
- I have a public key whose fingerprint is C28C 27BE 0EBC 1D23 34CA 28DB 6A5C 9227 4A99 6B04
To claim this, I am signing this object: