I hereby claim:
- I am kristovatlas on github.
- I am kristovatlas (https://keybase.io/kristovatlas) on keybase.
- I have a public key whose fingerprint is A9CE 8949 F2DE 1D7A 8837 13EB 0D3F B453 5AB1 880B
To claim this, I am signing this object:
Kristov Atlas kristovatlas
kristovatlas
/ injection.html
Last active
March 18, 2016 19:41
A simple Angular injection using $scope.$eval without reflection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- angular injection using $scope.$eval --> | |
| <!DOCTYPE html> | |
| <html ng-app> | |
| <head> | |
| <script src="http://ajax.googleapis.com/ajax/libs/angularjs/1.1.1/angular.js"></script> | |
| <script type="text/javascript"> | |
| function MyController($scope) { | |
| $scope.hack_the_planet = function() { | |
| // POC: constructor.constructor('alert(1337)')() | |
| $scope.$eval($scope.myinput); |
kristovatlas
/ injection.js
Created
March 4, 2016 21:52
A simple example of an Angular injection using $scope.$eval
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- angular injection using $scope.$eval --> | |
| <!DOCTYPE html> | |
| <html ng-app> | |
| <head> | |
| <script src="http://ajax.googleapis.com/ajax/libs/angularjs/1.1.1/angular.js"></script> | |
| <script type="text/javascript"> | |
| function MyController($scope) { | |
| $scope.hack_the_planet = function() { | |
| $scope.myoutput = $scope.$eval($scope.myinput); | |
| } |
kristovatlas
/ HIT scribbles
Last active
October 3, 2015 02:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| standard rules: | |
| 1. # unique input scripts == # unique output scripts | |
| 2. all output scripts unique | |
| 3. at least one pair of outputs has equal value | |
| alternate rules (replace standard rule 1): | |
| 1A. # unique inputs > 1 | |
| 1B. # of unique input scripts > # unique output scripts / 2 | |
| tx 01 (standard form): |
kristovatlas
/ gist:6d5766e40118596c11fe
Created
March 3, 2015 21:25
+kristov on onename verification
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verifying that +kristov is my openname (Bitcoin username). https://onename.com/kristov |
kristovatlas
/ keybase.md
Created
December 23, 2014 20:39
NewerOlder