Skip to content

Instantly share code, notes, and snippets.

View maxvyaznikov's full-sized avatar

Max Vyaznikov maxvyaznikov

View GitHub Profile
@maxvyaznikov
maxvyaznikov / ajax93t411.js
Created August 27, 2015 07:29
MySQL/MariaDB SQL Insert Injection throw AJAX Exploration Script.
var ANS_START = " '~",
ANS_STOP = "' SQL=",
ANS_LIM = 31;
function ajax93t411(start_from, lim, construct_req) {
start_from = start_from || 0;
lim = lim || 1; // Can be -1. -1 if for "while no Err"
function req(i, offset, callback) {
@maxvyaznikov
maxvyaznikov / proxy_s5.py
Last active August 29, 2015 14:27 — forked from rupa/proxy_s5.py
forking version
#!/usr/bin/python
# Filename s5.py
# Python Dynamic Socks5 Proxy
# Usage: python s5.py 1080
# Background Run: nohup python s5.py 1080 &
# Email: [email protected]
import socket, sys, select, SocketServer, struct, time
SocketServer.TCPServer.allow_reuse_address = True
@maxvyaznikov
maxvyaznikov / raw.js
Last active October 15, 2022 02:19
NodeJS, raw-socket, custom TCP/IPv4 SYN-packet sending
var raw = require("raw-socket");
var ip = require('ip');
var util = require('util');
function send(src_ip, src_port, dst_ip, dst_port) {
var socket = raw.createSocket({
protocol: raw.Protocol.TCP, // See http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
addressFamily: raw.AddressFamily.IPv4
});
<script>
var vals = [];
var last_packets_num = 10;
callback = function(f){
my_ip = f.ip;
setInterval(calc,1000)
}
calc = function(){
var x=new Date
@maxvyaznikov
maxvyaznikov / gist:fc641d8495d084248473
Last active August 29, 2015 14:09
Mashery API 2.0 Trick
// Next request will return only fields of package_key objects
{
"method": "object.query",
"params": ["SELECT * FROM package_keys WHERE apikey='abcdefgh'"],
"id": 1
}
// But next one will return some related objects
// See http://support.mashery.com/docs/read/mashery_api/20/Query_Language for details
{
@maxvyaznikov
maxvyaznikov / gist:e282764465f1fead480a
Created November 5, 2014 07:15
Recipies for imapseagull-storage-mongo
# Make html safe for imapseagull-storage-mongo.
# Use post_parse_handlers setting to add
var sanitizer = require('sanitizer'); # https://github.com/theSmaw/Caja-HTML-Sanitizer
var _tagPolicy = sanitizer.makeTagPolicy(),
_hrefScript = ['javascript:', 'vbscript:'],
_tags = ['img', 'a'], _attrs = ['src', 'href']; # Sanitizer erased all, so it's for exception
function sanitizationTagPolicy(storage, mail, tagName, attribs) {
if (_tags.indexOf(tagName) >= 0 && attribs.length) {
@maxvyaznikov
maxvyaznikov / gist:10527002
Last active March 28, 2019 11:33
Django: AJAX-friendly views
import json
from django.views.generic import TemplateView
from django.http import HttpResponse, HttpResponseBadRequest
from lib import ExtendedDjangoJSONEncoder
class RequestMixin(object):
def dispatch(self, request, *args, **kwargs):
@maxvyaznikov
maxvyaznikov / gist:10526923
Last active August 29, 2015 13:59
Make Django Models and QuerySets json serializable
from django.core.serializers.json import DjangoJSONEncoder
from django.db.models import Model
from django.db.models.query import QuerySet
from django.forms import model_to_dict
class ExtendedDjangoJSONEncoder(DjangoJSONEncoder):
def default(self, o):
if hasattr(o, 'to_dict'):
return o.to_dict()
@maxvyaznikov
maxvyaznikov / gist:5658055
Created May 27, 2013 16:50
Working with django-cron, should forever have near this CronJob. Shortly, this CronJob erased (drops/remove/delete) old log records from django-cron from DB.
# coding=utf-8
from datetime import date, timedelta
import logging
from django_cron import CronJobBase, Schedule
from django_cron.models import CronJobLog
logger = logging.getLogger('captcha')
class DropLogs(CronJobBase):