
@hackermondev
hackermondev / writeup.md
Last active January 17, 2026 05:11
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

@burkeholland
burkeholland / prd.md
Created April 10, 2025 19:50
TheUrlist PRD

Project Requirements Document: The Urlist Website

The following table outlines the detailed functional requirements of The Urlist website.

| Requirement ID | Description | User Story | Expected Behavior/Outcome |
| --- | --- | --- | --- |
| FR001 | Creating a New URL List | As a user, I want to be able to start a new, empty list so I can begin adding URLs. | The system should provide a clear way for the user to initiate the creation of a new list, potentially presenting an empty list view or an "add new list" button. |

FR002 A
@hackermondev
hackermondev / zendesk.md
Last active December 25, 2025 23:54
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@zadjii-msft
zadjii-msft / README.md
Last active October 14, 2025 23:37
Warp Workflows for the Windows Terminal

Add all the Warp Workflows to Windows Terminal

With a combination of features all available in Windows Terminal 1.22, you can now add all your favorite Warp Workflows directly to the Windows Terminal.


This works by adding the workflows to your settings via a "settings fragment". You can then open a menu with all these workflows with the openSuggestions action.

@Sagar0-0
Sagar0-0 / PDFViewer.kt
Created June 4, 2024 15:39
Complete gist of the Custom Compose PDFViewer
import android.graphics.Bitmap
import android.graphics.pdf.PdfRenderer
import android.os.ParcelFileDescriptor
import android.util.Log
import androidx.compose.foundation.Image
import androidx.compose.foundation.background
import androidx.compose.foundation.border
import androidx.compose.foundation.gestures.rememberTransformableState
import androidx.compose.foundation.gestures.transformable
import androidx.compose.foundation.layout.Arrangement
@lavafroth
lavafroth / config.toml
Created March 27, 2024 03:10
Helix config for lazygit integration
[keys.normal]
C-g = [":new", ":insert-output lazygit", ":buffer-close!", ":redraw"]
@OrionReed
OrionReed / dom3d.js
Last active January 9, 2026 23:35
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@sebastiancarlos
sebastiancarlos / sqlite3h
Last active December 26, 2025 00:20
sqlite3h - Wrapper around sqlite3 which saves interactive session to a history file
#! /usr/bin/env bash
# All my gist code is licensed under the MIT license.
### UPDATE!
# I noticed that this entire solution is unnecessary, as the following
# produces the same result, and can be put in the sqlite start file.
# ```
# .echo on
# .output "| tee -a history.txt"
@dbreunig
dbreunig / overture_places_to_sqlite.sh
Last active January 23, 2024 14:40
A script for finding the latest Overture release, downloading the parquet files, extracting a subset of the columns into a csv, creating a SQLite database, and loading the csv into a table.
#!/bin/bash
# Create a folder called data
mkdir -p data
# Find the most recent parquet directory with the theme 'places'.
# Take only the object key (4th field of `aws s3 ls` output) before sorting,
# so the result is the key prefix alone rather than the whole listing line
# (timestamp and size included), and the sort is by release name.
recent_dir=$(aws s3 ls s3://overturemaps-us-west-2/release/ --recursive | grep "theme=places" | awk '{print $4}' | sort | tail -n 1 | awk -F '/' '{print $1"/"$2"/"$3"/"$4}')
# Extract the release name from the directory path (release/<release>/theme=places/type=place)
release_date=$(echo "$recent_dir" | awk -F '/' '{print $2}')
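As an added, stand-alone illustration of the release-selection step above (not part of the gist), the same pipeline is wrapped in two shell functions and run against a constructed `aws s3 ls --recursive` listing, so it can be checked offline. The listing lines, release names and the function names are invented for the example.

```shell
# Constructed sample of `aws s3 ls --recursive` output (date, time, size, key).
# The release names here are made up for the example.
SAMPLE_LISTING='2023-10-19 12:00:00   123456 release/2023-10-19-alpha.0/theme=places/type=place/part-000.parquet
2023-11-14 12:00:00   123456 release/2023-11-14-alpha.0/theme=places/type=place/part-000.parquet
2023-11-14 12:00:00   123456 release/2023-11-14-alpha.0/theme=buildings/type=building/part-000.parquet
2023-07-26 12:00:00   123456 release/2023-07-26-alpha.0/theme=places/type=place/part-000.parquet'

# Given listing text on $1, print release/<release>/theme=places/type=place for the
# newest places release. Only the key field is sorted, so ordering follows the
# ISO-dated release name rather than the object's modification timestamp.
latest_places_dir() {
  printf '%s\n' "$1" | grep "theme=places" | awk '{print $4}' | sort | tail -n 1 \
    | awk -F '/' '{print $1"/"$2"/"$3"/"$4}'
}

# Given that prefix on $1, print just the release name (second path component).
release_date_of() {
  printf '%s\n' "$1" | awk -F '/' '{print $2}'
}

# Usage:
#   dir=$(latest_places_dir "$SAMPLE_LISTING")
#   release_date_of "$dir"
```

The `grep "theme=places"` filter runs before sorting so that a newer release that only contains other themes (the `theme=buildings` line in the sample) cannot be selected.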
@dbreunig
dbreunig / overture-places-to-sqlite.py
Last active December 11, 2023 13:06
A (very) simple python CLI to download Overture Places data to a sqlite3 db, given a bounding box.
import click
import duckdb
import sqlite_utils
# Set up click
@click.command()
@click.option("--minx", default=-122.347183)
@click.option("--maxx", default=-122.218437)
@click.option("--miny", default=37.748729)
@click.option("--maxy", default=37.800290)