John Whish aliaspooryorik
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <cfscript> | |
| function test(pattern) { | |
| return ReReplace(s, pattern, "-----", 'all'); | |
| } | |
| s = "Fred Bloggs says 'My name is Fred | |
| bloGGs my brother is Alfred Bloggs and I blog about people called fred or freddie'. x:Fred bloggss y: Fred bloggsss Yours FRED BLOGGS"; | |
| variations = [ | |
| "(?im)(?:(\b|^)Fred\s+Bloggss?(\b|$))", | |
| "(?im)(\b|^)Fred\s+Bloggss?(\b|$)", | |
| "(?im)\bFred\s+Bloggss?\b", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // not intended for real-life usage :) | |
| function range (start, end) { | |
| return repeatString("_,", end-start+1).listToArray().map(function(el, i) { | |
| return start+i-1; | |
| }); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <cfscript> | |
| input = [ | |
| '[email protected]', | |
| 'bar@locahost', | |
| 'bar"locahost' | |
| ]; | |
| foo = validateEmails(input); | |
| writeDump(foo.hasErrors()); | |
| writeDump(foo.getErrors()); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <cfscript> | |
| foo = queryNew( | |
| "id,name,group", | |
| "Integer,Varchar,varchar", | |
| [ | |
| [1,"One", "A"], | |
| [2,"Two", "A"], | |
| [3,"Three", "B"], | |
| [4,"Four", "C"], |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <cfscript> | |
| // Kudos to Jamie Purchase | |
| function humaniseSeconds(seconds) { | |
| var result = []; | |
| var parts = createObject("java", "java.util.LinkedHashMap").init(); | |
| parts["week"] = (3600 * 24) * 7; | |
| parts["day"] = (3600 * 24); | |
| parts["hour"] = 60 * 60; | |
| parts["minute"] = 60; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <SAMLResponse> | |
| <Issuer>https://idp.com/</Issuer> | |
| <Assertion ID="_id1234"> | |
| <Subject> | |
| <NameID>[email protected]<!--hack-->.evil.com</NameID> | |
| </Subject> | |
| </Assertion> | |
| <Signature> | |
| <SignedInfo> | |
| <CanonicalizationMethod Algorithm="xml-c14n11"/> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!--- | |
| SEE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations | |
| Testing if SAML comment injection can be used to chnage XmlText without changing the signature | |
| ---> | |
| <cfhttp url="https://gist.githubusercontent.com/aliaspooryorik/5c72724d5c3614f5e31d10d47dd3e52f/raw/be3631a275fcdfcc1dc882bdeeeb947118e19268/EvilSAMLtest.xml" result="saml"></cfhttp> | |
| <cfset xml = XmlParse(saml.filecontent)> | |
| <cfdump var="#XmlSearch(xml, "SAMLResponse/Assertion/Subject/NameID")#"> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <SAMLResponse> | |
| <Issuer>https://idp.com/</Issuer> | |
| <Assertion ID="_id1234"> | |
| <Subject> | |
| <NameID>[email protected]<!---->.evil.com</NameID> | |
| </Subject> | |
| </Assertion> | |
| <Signature> | |
| <SignedInfo> | |
| <CanonicalizationMethod Algorithm="xml-c14n11"/> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class MyClass { | |
| public static void main(String args[]) { | |
| int x=10; | |
| for (int i=0; i != 100; i++) { | |
| int a = x+i; | |
| } | |
| System.out.println("X is = " + x); | |
| System.out.println("A is = " + a); |
aliaspooryorik
/ callStackGet.cfm
Created
January 11, 2018 15:03
callStackGet - stolen from Ryan Guill
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private function expect (required any testValue, required any targetValue, string message = "") { | |
| arguments.message &= "<br /> expected [" & encodeForHtml(toString(arguments.targetValue)) & "] <br /> but received [" & encodeForHtml(toString(testValue)) & "] <br />"; | |
| if (arguments.testValue != arguments.targetValue) { | |
| var cs = callStackGet(); | |
| var lineRef = ""; | |
| for (var line in cs) { | |
| if (structKeyExists(line, "Function") && line["Function"] == getFunctionCalledName()) { | |
| continue; | |
| } |