@forced-request
forced-request / server.js
Created February 22, 2019 21:06
Handle all uncaught exceptions to prevent node service from crashing. This is useful for preventing denial-of-service attacks in Node.JS
/* Tell Node not to crash */
process.on('uncaughtException', function (err) {
console.log('Caught exception: ', err);
});
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
@@trav_string = '%5c%2e%2e%2f'
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
@forced-request
forced-request / json_encode-xss-prevention.php
Created July 27, 2015 23:37
Using json_encode to prevent JS context XSS
<html>
<body>
<script>
// json_encode emits a quoted JS string literal; typographic quotes replaced with straight ones
var a = "prefix" + <?= json_encode($_GET['p']); ?> + "suffix";
</script>
</body>
</html>
@forced-request
forced-request / htmlentities_javascript.php
Last active August 29, 2015 14:26
htmlentities in JavaScript context
<html>
<body>
<script>
var a = '<?= htmlentities($_GET['p']); ?>';
</script>
</body>
</html>
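To make the contrast between the two gists concrete, here is an added PHP script (not from either gist) that renders a value with each approach and checks whether it stayed inside its string literal; the payloads and the `literal_stays_closed` helper are constructed for this example.

```php
<?php
// Added example, not part of the gists above: contrast htmlentities() and
// json_encode() for a value placed inside a JavaScript string literal.

// Mirrors htmlentities_javascript.php. ENT_COMPAT was the default before
// PHP 8.1 and leaves the single quote untouched, so the literal can be closed.
function render_with_htmlentities(string $p): string
{
    return "var a = '" . htmlentities($p, ENT_COMPAT, 'UTF-8') . "';";
}

// Mirrors json_encode-xss-prevention.php, with the JSON_HEX_* flags so that
// <, >, &, ' and " become \uXXXX escapes; json_encode escapes / by default,
// so "</script>" cannot terminate the surrounding script block either.
function render_with_json_encode(string $p): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return "var a = " . json_encode($p, $flags) . ";";
}

// Constructed check: the output is only safe if no unescaped delimiter
// appears between the first and last quote and no "</script" survives.
function literal_stays_closed(string $js, string $quote): bool
{
    $start = strpos($js, $quote) + 1;
    $end   = strrpos($js, $quote);
    $inner = substr($js, $start, $end - $start);
    $unescaped = '/(?<!\\\\)' . preg_quote($quote, '/') . '/';
    return preg_match($unescaped, $inner) === 0
        && stripos($js, '</script') === false;
}

// Constructed test inputs: a quote break-out, a tag break-out, benign text.
$payloads = ["';alert(1);//", '</script><script>alert(1)</script>', 'plain text'];
foreach ($payloads as $p) {
    printf("%-40s htmlentities: %-6s json_encode: %s\n",
        $p,
        literal_stays_closed(render_with_htmlentities($p), "'") ? 'ok' : 'BROKEN',
        literal_stays_closed(render_with_json_encode($p), '"') ? 'ok' : 'BROKEN');
}
```

Note that htmlentities() does neutralise the `</script>` case (the `<` is encoded); what it misses in a JS context is the quote, which is why the json_encode() form is the one to use.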
def show
  template = params[:id]
  # typographic quotes and the missing closing quote fixed; the glob lists the allowed files
  d = Dir["myfolder/*.erb"]
  if d.include?("myfolder/#{template}.erb")
    render "myfolder/#{template}"
  else
    # throw exception or 404
  end
end
def show
  template = params[:id]
  valid_templates = {
    "dashboard" => "dashboard",
    "profile" => "profile",
    "deals" => "deals"
  }
  if valid_templates.include?(template)
    # only the allow-listed value reaches render, never the raw parameter
    render "myfolder/#{valid_templates[template]}"
  else
    # throw exception or 404
  end
end
def show
render params[:template]
end
@forced-request
forced-request / gist:7ff7fe31632c23d47f6c
Created December 23, 2014 13:14
SlimerJS callbacks not working
wp = require("webpage").create();
wp.onAlert = function(text) {
console.log("Alerted: " + text);
};
wp.content = "<html><body>Hello: <iframe src='f' onerror='prompt(299792458)'></iframe><script>window.alert(\"Normal Func\")</script></body></html>";
wp.evaluate(function (wp) {
}, wp);
def Attack
end
require 'lib/request'
puts "hi"