| # Run something in a db transaction, handle commit etc. | |
| # f is a function which takes db cursor as a parameter for callback | |
| def run_with_db(f): | |
| connection = None | |
| try: | |
| connection = psycopg2.connect(__get_connection_string(config)) | |
| cursor = connection.cursor() | |
| rv = f(cursor) # run something in db transaction | |
| cursor.close() |
| #!/bin/bash | |
| # Original: https://gist.github.com/woowa-hsw0/caa3340e2a7b390dbde81894f73e379d | |
| set -eu | |
| umask 0022 | |
| TMPDIR=$(mktemp -d awsenv) | |
| echo "TEMPDIR $TMPDIR" |
| (ns postgresql-util | |
| "Common db validations" | |
| (:require [korma.core :as sql])) | |
| (defn validate-triggers | |
| "Checks that all tables in the database, except for Flyway's schema table, have triggers enabled." | |
| [] | |
| (let [flyway-table "schema_version" | |
| invalid-tables (sql/exec-raw | |
| (str "select table_name from information_schema.tables" |
| #!/bin/sh | |
| DOCKER=`which docker` | |
| IMAGE='owasp/zap2docker-weekly' | |
| URL='https://www.example.com' | |
| ZAP_API_PORT='8090' | |
| # Start our container | |
| CONTAINER_ID=`$DOCKER run -d \ | |
| -p $ZAP_API_PORT:$ZAP_API_PORT \ |
| #!/bin/sh | |
| DOCKER=`which docker` | |
| IMAGE='owasp/zap2docker-weekly' | |
| URL='https://www.example.com' | |
| ZAP_API_PORT='8090' | |
| # Start our container | |
| CONTAINER_ID=`$DOCKER run -d \ | |
| -p $ZAP_API_PORT:$ZAP_API_PORT \ |
XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
| import javax.net.ssl.*; | |
| import java.security.GeneralSecurityException; | |
| /** | |
| * Vain kehityskäyttöön. Mahdollistaa https://localhost yhteydet ohittamalla Javan SSL turvamekanismit. | |
| * <p> | |
| * <ul> | |
| * <li>http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate</li> | |
| * <li>http://stackoverflow.com/questions/859111/how-do-i-accept-a-self-signed-certificate-with-a-java-httpsurlconnection</li> | |
| * <li>http://stackoverflow.com/questions/2290570/pkix-path-building-failed-while-making-ssl-connection</li> |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Copy-Paste from Website to Terminal</title> | |
| </head> | |
| <style> | |
| .codeblock { | |
| background-color: lightyellow; | |
| border: 1px dotted blue; | |
| margin-left: 50px; |
| Reaktor's Java application CTF challenge from Disobey 2018 | |
| It seems I was not the only one struggling with the Java application challenge. There was | |
| JAR file and that's how it began. | |
| After decompiling the JAR the main class contained code which didn't do anything. It looks like this: | |
| String encryptedResult = "[3, 63, -54, -8, -45, -89, -91, 40, -111, -77, -76, -49, 119, 8, -46, 9, -70, 99, -12, 3, 124, 65, -66, 104, -18, 4, 64, 87, 6, -72, 68, 121, -32, -52, -104, 25, -54, 71, -84, -128, -35, -115, -74, -26, -30, -127, -96, -42]"; | |
| String result = (String) null; | |
| String url = (String) null; |
| <?php | |
| /* | |
| This file can be useful in conjunction with DNSSpoof | |
| */ | |
| ?> | |
| <html> | |
| <body> | |
| <audio class="my_audio" preload="none" id = "saundi"> |