Lecture 1: Introduction to Research — [📝Lecture Notebooks] [
Lecture 2: Introduction to Python — [📝Lecture Notebooks] [
Lecture 3: Introduction to NumPy — [📝Lecture Notebooks] [
Lecture 4: Introduction to pandas — [📝Lecture Notebooks] [
Lecture 5: Plotting Data — [📝Lecture Notebooks] [[
chenxu zhao zztczcx
farid007
/ Rconfig File Upload RCE Exploit
Last active
November 15, 2022 06:17
Rconfig 3.9.4 File Upload RCE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Remote Code Execution via File Upload (CVE-2020-12255) | |
| The rConfig 3.9.4 is vulnerable to remote code execution due to improper checks/validation via the file upload functionality. | |
| The vendor.crud.php accepts the file upload by checking through content-type and it is not restricting upload by checking the file extension and header. | |
| Due to this flaw, An attacker can exploit this vulnerability by uploading a PHP file that contains arbitrary code (shell) and changing the content-type to `image/gif` in the vendor.crud.php. | |
| since the validation checks are happening through content-type the server would accept the PHP file uploaded ultimately resulting code execution upon the response when invoked. | |
| Steps To Reproduce-: |
How to configure your Mac to use DNS over TLS in five easy steps:
-
Install Stubby with Homebrew (https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby):
brew install stubby -
Edit the configuration file:
When used from the command line, the xmllint tool doesn't accept namespaces in xpath expressions. This makes it difficult to process XML documents like the one below (file demo.xml):
<?xml version="1.0" standalone="yes"?>
<svrl:schematron-output xmlns:svrl="http://purl.oclc.org/dsdl/svrl" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:schold="http://www.ascc.net/xml/schematron" xmlns:sch="http://www.ascc.net/xml/schematron" xmlns:iso="http://purl.oclc.org
iaintshine
/ queue.rb
Created
August 14, 2014 17:07
A Ruby implementation of a Queue data structure using a Single Linked List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'test/unit' | |
| class Queue | |
| include Enumerable | |
| Node = Struct.new :element, :next | |
| attr_reader :head, :tail, :size | |
| def initialize(items = []) |
evancz
/ Architecture.md
Last active
December 21, 2022 14:28
Ideas and guidelines for architecting larger applications in Elm to be modular and extensible
This document is a collection of concepts and strategies to make large Elm projects modular and extensible.
We will start by thinking about the structure of signals in our program. Broadly speaking, your application state should live in one big foldp. You will probably merge a bunch of input signals into a single stream of updates. This sounds a bit crazy at first, but it is in the same ballpark as Om or Facebook's Flux. There are a couple major benefits to having a centralized home for your application state:
- There is a single source of truth. Traditional approaches force you to write a decent amount of custom and error prone code to synchronize state between many different stateful components. (The state of this widget needs to be synced with the application state, which needs to be synced with some other widget, etc.) By placing all of your state in one location, you eliminate an entire class of bugs in which two components get into inconsistent states. We also think yo
colmarius
/ script_mongodump_mongorestore.sh
Last active
March 1, 2018 18:42
Mongodump / Mongorestore example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| ## Prefer mongodump/mongorestore instead of mongoexport/mongoimport, | |
| ## as it will "export" additional metadata, like indexes etc. | |
| ## | |
| ### Mongodump example | |
| # Required: host, db, collection, out | |
| # Optional: query (limit results) | |
| mongodump --host mongodb1.example.net \ |
dhh
/ test_induced_design_damage.rb
Last active
June 22, 2023 06:18
This is an extraction from Jim Weirich's "Decoupling from Rails" talk, which explained how to apply the hexagonal design pattern to make every layer of your application easily unit testable (without touching the database etc). It only seeks to extract a single method, the EmployeesController#create method, to illustrate the design damage that's …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Original Rails controller and action | |
| class EmployeesController < ApplicationController | |
| def create | |
| @employee = Employee.new(employee_params) | |
| if @employee.save | |
| redirect_to @employee, notice: "Employee #{@employee.name} created" | |
| else | |
| render :new | |
| end |
madjar
/ scrapper.py
Last active
March 5, 2023 15:02
A example of scrapper using asyncio and aiohttp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import aiohttp | |
| import bs4 | |
| import tqdm | |
| @asyncio.coroutine | |
| def get(*args, **kwargs): | |
| response = yield from aiohttp.request('GET', *args, **kwargs) | |
| return (yield from response.read_and_close(decode=True)) |
NewerOlder