Dr. Pi3ch pi3ch
pi3ch
/ security-bug.js
Created
March 8, 2024 00:43
This Node app takes a 'name' parameter from the URL query string and returns a personalised greeting message. However, it seems having a security bug.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| // requirements | |
| const express = require("express"); | |
| // constants | |
| const PORT = process.env.PORT || 8080; | |
| // main express program | |
| const app = express(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def _validate_url(url: str): | |
| """Should prevent URLs that point to a local network (e.g. localhost) | |
| """ | |
| if search("localhost", url) is not None: | |
| raise Errors.ErrInvalidURL | |
| if search("/latest/meta-data", url) is not None: | |
| raise Errors.ErrInvalidURL | |
| if search("/etc/passwd", url) is not None: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Add to your rc.lua, | |
| -- Create a textclock widget | |
| mytextclock = awful.widget.textclock({ align = "right" }) | |
| mytestclock_tooltip = awful.tooltip({ | |
| objects = { mytextclock }, | |
| timer_function = function() | |
| local now = os.time() | |
| local utcdate = os.date("!*t", now) | |
| local tehran_t = os.time(utcdate) + (3.5*3600) | |
| local ljubljana_t = os.time(utcdate) + (1*3600) |
pi3ch
/ chronocomment2disqus.php
Created
May 16, 2012 14:32
Convert Joomla Chrono comments to Disqus XML format
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * A simple and dirty script to convert Joomla Chrono comments to Disqus (XML) format | |
| * Pi3cH | |
| * May 2012 | |
| * NOTE: You might need to modify the identifier it is now in the format of Y/m/d/slug | |
| * */ | |
| date_default_timezone_set('UTC'); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # muttattch.sh | |
| # This script handle all the attachment type in mutt and forward to | |
| # a netcat on port 8083 to view on the remote/local system | |
| # in mutt open attachment and in remote system open localhost. | |
| TEMP="/tmp/muttattch" | |
| PORT=8083 | |
| rm -f $TEMP | |
| mkfifo --mode=600 $TEMP |