Skip to content

Instantly share code, notes, and snippets.

@benpickles

benpickles/hack.rb

Created December 18, 2009 10:28
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save benpickles/259423 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save benpickles/259423 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
hack.rb
# Brutal hack to make all string/text columns alert("hack") if they're not
# being properly escaped.
models = Dir['app/models/*.rb'].map { |path|
name = File.basename(path, '.*')
name.camelize.constantize
}.reject { |klass|
klass.superclass != ActiveRecord::Base
}
hack = '<script type="text/javascript">alert("hack")</script>'
models.each do |model|
text_columns = model.columns.select(&:text?).map(&:name)
if text_columns.any?
puts "Hacking #{model.name}: #{text_columns.join(', ')}"
sql = "UPDATE #{model.table_name} SET "
sql << text_columns.map { |name|
"`#{name}` = '#{hack}'"
}.join(', ')
model.connection.execute sql rescue nil
end
end
@noemiarias249-arch
Copy link

noemiarias249-arch commented Jan 1, 2026

Thx

@noemiarias249-arch
Copy link

noemiarias249-arch commented Jan 1, 2026

https://gist.github.com/benpickles/259423.js

@noemiarias249-arch
Copy link

noemiarias249-arch commented Jan 1, 2026

<script src="https://gist.github.com/benpickles/259423.js"></script>

@noemiarias249-arch
Copy link

noemiarias249-arch commented Jan 1, 2026

-- Script taken from https://xenoscripts.com website --

script_key="PUT YOUR KEY HERE";
loadstring(game:HttpGet("https://raw.githubusercontent.com/ily123950/Vulkan/refs/heads/main/Tr"))()

@noemiarias249-arch
Copy link

noemiarias249-arch commented Jan 1, 2026

E

@skiboy7four-commits
Copy link

skiboy7four-commits commented Feb 9, 2026

Thx

@helloandgetoutpoorman
Copy link

helloandgetoutpoorman commented Feb 27, 2026

How do i put it on

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment