XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
namespaces - overview of Linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html
mount_namespaces - overview of Linux mount namespaces
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠| |
| 0 |
| #!/bin/bash -eo pipefail | |
| # Log in to Slack in a web browser and open the network tools to inspect the traffic. | |
| # Filter the requests with "/api/" and pick one to inspect. | |
| # You need the xoxc token from the request body, and a copy of the cookies. It is the "d" cookie that is important, but you can copy all of them. Make sure that the cookie value is percent encoded! | |
| # Paste the values below. | |
| # You need to have curl and jq installed. | |
| # You can also get the xoxc token from localStorage. Run this in the JavaScript console: | |
| # Object.entries(JSON.parse(localStorage.localConfig_v2)["teams"]).reduce((o,e) => Object.assign(o, { [e[1]["name"]]: e[1]["token"] }), {}) |
| #!/bin/bash | |
| ## LUKS remote decrypt for Ubuntu 16.04.1 - by BinaryShrub | |
| # NOTES: | |
| # Tailor lines 67 - 69 to your system before running! | |
| # Use at your own risk! | |
| # Safety Check | |
| if [ "$EUID" -ne 0 ] | |
| then echo "You must run this as root" |
Sometimes you may want to undo a whole commit with all changes. Instead of going through all the changes manually, you can simply tell git to revert a commit, which does not even have to be the last one. Reverting a commit means to create a new commit that undoes all changes that were made in the bad commit. Just like above, the bad commit remains there, but it no longer affects the the current master and any future commits on top of it.
git revert {commit_id}
Deleting the last commit is the easiest case. Let's say we have a remote origin with branch master that currently points to commit dd61ab32. We want to remove the top commit. Translated to git terminology, we want to force the master branch of the origin remote repository to the parent of dd61ab32:
| ########## | |
| # | |
| # Replace full.domain.com with your domain | |
| # | |
| # This is tested on CentOS 6.x, but might work similarly on other OS installations | |
| # | |
| ########## | |
| # Generate a key | |
| openssl genrsa -out "/etc/nginx/ssl/full.domain.com.key" 2048 |
| precision lowp float; | |
| uniform sampler2D channel0; | |
| uniform float time; | |
| varying vec2 vTextureCoord; | |
| // rendering params | |
| const float sphsize = 0.8; // planet size | |
| const float dist = 0.08; // distance for glow and distortion |