paj28

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

noraj

Moving gulpfile from CommonJS (CJS) to ECMAScript Modules (ESM)

Context

del v7.0.0 moved to pure ESM (no dual support), which forced me to move my gulpfile to ESM to be able to continue to use del.

The author sindresorhus maintains a lot of npm packages and does not want to provides an upgrade guide for each package so he provided a generic guide. But this guide is a bit vague because it's generic and not helping for gulp, hence this guide.

Guide

kateinoigakukun

How to use Bundler and RubyGems on WebAssembly

# Download prebuilt ruby
curl -LO https://github.com/ruby/ruby.wasm/releases/download/2022-08-09-a/ruby-head-wasm32-unknown-wasi-full.tar.gz
tar xfz ruby-head-wasm32-unknown-wasi-full.tar.gz

# Install the same version of native ruby to avoid bundler version mismatch in "BUNDLED WITH" of Gemfile.lock
rbenv install 3.2.0-dev
rbenv local 3.2.0-dev

noraj

#!/usr/bin/env ruby
require 'csv'

installed_tools = %x(pacman -Sl blackarch).split("\n").grep(/\[installed\]/)

tools_list = []

installed_tools.each do |line|
  _repo, tool, _version, _status = line.split(' ', 4)
  description = %x(pacman -Qs #{tool}).split("\n")[1].strip

MichaelCurrin

Get Pull Requests using GH's GraphQL API

How to get Pull Requests data using Github in the browser, or using the API to allow for automating reporting or building in values into a website.

Resources

• GitHub GQL API: https://developer.github.com/v4/
• Explorer: https://developer.github.com/v4/explorer/
• Github community topics - these were used to understand the syntax needed.

noraj

Lexicon

• BA: BlackArch
• AL: ArchLinux
• SO: StackOverflow

PKGBUILD

• AL PKGBUILD guide: https://wiki.archlinux.org/index.php/PKGBUILD
• BA PKGBUILD templates: https://github.com/BlackArch/blackarch-pkgbuilds

brasey

Configure systemd-resolved to use a specific DNS nameserver for a given domain

Use case

Given

• I use a VPN to connect to my work network
• I'm on a Linux computer that uses systemd-resolved
• I have a work domain called example.com
• example.com is hosted by both public and private DNS nameservers

Moutard3

MP3 Direct Link Hosting

A list of tutorials on how to upload & get direct mp3 link on some websites.

• JukeHost
• Kiwi6 (service is no longer accessible)
• OpenDrive

JukeHost

nepsilon

How to change your commit messages in Git?

At some point you’ll find yourself in a situation where you need edit a commit message. That commit might already be pushed or not, be the most recent or burried below 10 other commits, but fear not, git has your back 🙂.

Not pushed + most recent commit:

git commit --amend

This will open your $EDITOR and let you change the message. Continue with your usual git push origin master.

activeshadow

host_addr = %r{Host: (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})}
open_port = %r{([0-9]+)/open/}

ports = {}

ARGV.each do |f|
  File.foreach(f) do |l|
    l.scan(host_addr) do |a|
      l.scan(open_port) do |p|
        ports[a.first] = [] unless ports.key?(a.first)