| 日時: | 2024-02-01 |
|---|---|
| 作: | 時雨堂 |
| 資料 バージョン: | 2024.1 |
| GitHub URL: | https://github.com/shiguredo/momo |
| 製品 URL: | https://momo.shiguredo.jp/ |
Shinichiro Aska s-aska
| 日時: | 2017-07-21 |
|---|---|
| 作: | @voluntas |
| バージョン: | 0.6.0 |
| URL: | https://voluntas.githu.io/ |
突っ込みは Twitter @voluntas まで。
mala
/ gist:457a25650950d4daf4144f98159802cc
Last active
September 28, 2016 12:55
CVE-2016-7401 CSRF protection bypass on a site with Google Analytics の解説
CVE-2016-7401
-
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
-
pythonのcookie parserが ; 以外もpairsの区切り文字として解釈するので、google analyticsのreferrer経由でsetされるcookieを使ってCSRF tokenを上書き可能だったという問題。
-
django側でcookie parser自前で実装、python本体は直ってないようだ https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
多くのcookie parserは、pairsの区切りとして ; と , を許容しているのでdjango以外にも影響がある。 ブラウザが使用するcookie pairの区切りは実際には ;
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rubygems' | |
| require 'rack/reverse_proxy' | |
| use Rack::ReverseProxy do | |
| reverse_proxy '/callback', 'http://example.com/' | |
| end | |
| app = proc do |env| | |
| [ 200, {'Content-Type' => 'text/plain'}, ["OK"] ] | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'sinatra' | |
| require 'httpclient' | |
| CALLBACK_URI = URI.parse('http://example.com/callback') | |
| configure do | |
| set :httpclient, HTTPClient.new | |
| end | |
| post '/callback' do |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| use strict; | |
| use warnings; | |
| my @array = ( 115, 117, 112, 112, 111, 114, 116, 101, 100, 32, 98, 121, 32, 76, 105, 118, 101, 115, 101, 110, 115, 101, 32, 73, 110, 99, 46, 10); | |
| for my $c (@array){ | |
| printf "%c",$c; | |
| } |
cucmberium
/ gist:e687e88565b6a9ca7039
Last active
February 28, 2024 01:23
Twitterの検索API & Twitterでの検索術
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| use strict; | |
| use warnings; | |
| use Time::Piece; | |
| use Pod::Usage; | |
| &main; exit; | |
| sub show($) { | |
| my $time = shift; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class HomePresenterImpl implements HomePresenter { | |
| private static final String TAG = HomePresenterImpl.class.getSimpleName(); | |
| private final HomeScreen screen; | |
| private final DataProvider provider; | |
| private Subscription subscription1; | |
| public HomePresenterImpl(HomeScreenImpl screen, DataProvider dataProvider) { | |
| this.screen = screen; | |
| this.provider = dataProvider; | |
| } |
NewerOlder