Bachue Zhou bachue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class A | |
| eval 'def f; "hello world"; end' | |
| end | |
| A.new.f # => "hello world" | |
| A.f # NoMethodError: undefined method `f' for A:Class | |
| f # NameError: undefined local variable or method `f' for main:Object | |
| class A | |
| eval 'self', TOPLEVEL_BINDING # => main |
bachue
/ rails_rce.rb
Last active
December 10, 2015 23:08
— forked from postmodern/rails_rce.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
bachue
/ rails_sqli.rb
Created
January 10, 2013 23:52
— forked from postmodern/rails_sqli.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails SQL Injection (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
bachue
/ rails_jsonq.rb
Created
January 10, 2013 23:52
— forked from postmodern/rails_jsonq.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Unsafe Query Generation (CVE-2013-0155) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI | |
| # | |
| # ## Synopsis | |
| # |
bachue
/ rails_dos.rb
Last active
December 10, 2015 23:08
— forked from postmodern/rails_dos.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails DoS (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Synopsis | |
| # |
bachue
/ gist:4502552
Last active
December 10, 2015 22:29
A test to prove Symbol can't be GC in both Ruby 1.9 and Ruby 1.8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MAX_LENGTH = 10 | |
| def generate(base_str) | |
| [('a'..'z'), ('A'..'Z'), ('0'..'9')].map(&:to_a).flatten.each do |char| | |
| str = base_str + char | |
| str.to_sym # You can comment this statement and compare the result | |
| generate(str) if str.size <= MAX_LENGTH | |
| end | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Something | |
| module Base | |
| def my_method | |
| puts "(A) original functionality" | |
| end | |
| end | |
| module PreExtension | |
| def my_method | |
| puts "(B) before the original" |
bachue
/ gist:4472731
Last active
December 10, 2015 18:08
Finish a simple method alias, very easy implementation. super is also available in the block, it will call the same-name-method in superclass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class A | |
| def f() 'This is OldA#f' end | |
| end | |
| puts A.new.f # => This is OldA#f | |
| # ---------------- | |
| def alias_class_chain(cls, property, &block) | |
| old_class_name = "#{cls.name}Without#{property}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def a(&block) | |
| puts 'enter a' | |
| b &block | |
| puts 'exit a' | |
| end | |
| def b(&block) | |
| puts 'enter b' | |
| c &block | |
| puts 'exit b' |
bachue
/ gist:4431893
Last active
December 10, 2015 12:08
You can require a file with class description in a method, it works. But you can't include a class description directly in a method, it will cause SyntaxError, please check https://gist.github.com/4431884
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // main file | |
| def f | |
| require '2' | |
| puts C.new.g | |
| end | |
| f # => 'hello world' | |
| // 2.rb | |
| class C |