Sunday, April 10, 2005
Fun with hex
Stolen from "Best" method names ever...:
These aren't really method names, but nice constant values I've seen (or used) during the years. Hexadecimal fun in the style of "BEEFCACE".
const uint LEGACY_VALUE = 0xDEADBEEF;
const uint THUMBS_UP = 0xB00BBABE;
const uint ERROR_TOTAL_FAILURE = 0xFACE0FF;
const bool FALSE_FLAG = (0xCE0 == 0xDEAF);
const bool DEBUG_STATE = (0xDECAF + 0xC0FFEE == 0xBAD);
Saturday, April 09, 2005
What's my name again?
class String
def _;self;end
def+@;($c+=1)>=10&&$c=0;_;end
def-@;print _[$c].chr;_;end
def+;_[$c]+=1;_;end
def-;_[$c]-=1;_;end
def|(*a);_;end
end
$c=0;_="splattael "
++++++++-++-++++++++-++++++-+_|+++++-+-++++-_.-.-
+++-+++++-_.+.+.+|++++-_.+.+|+++++++++-+-_.+.+.+|-_.+|-_.+.+
Inspired by NegaPosi.
XSS in "Code Snippets" [Updated]
Update:
The "XSS tag exploit" shown below will fail because the application doesn't allow single quotes and slashes! Anyway, Peter will fix the XSS issues ASAP...
Outdated:
Peter Cooper's nice "Code Snippets" (rails driven with tag support) is vulnerable to XSS:
(Snipped from my email to Peter)
1. Tags
   * http://www.bigbold.com/snippets/tags/ruby<body onload="alert('XSS')">
     -> tags should be escaped
2. Create user (http://www.bigbold.com/snippets/login/create)
   * Every input field is vulnerable to XSS:
     <body onload="alert('XSS')">
     -> input field should be escaped
   * The URL field accepts "javascript:" URLs: (NOT TESTED)
     javascript:alert('XSS')
     -> only allow %r{(f|h)ttps?://} (?)
I hope Peter will fix these issues soon :)
See ror's announcement.
Tuesday, April 05, 2005
Searchplugins for Mozilla (IMDb + dict.leo.org)
Here are two useful(?) code snippets for the Mozilla searchplugin-engine.
Place these snippets in PREFIX/mozilla/searchplugins/{leo|imdb}.src where PREFIX is e.g. /usr/lib. Restart Mozilla.
EN <-> DE Dictionary (LEO)
<search name="Dict Leo"
description="Dict Leo"
method="GET"
action="http://dict.leo.org/se">
<input name="search" user>
<input name="lp" value="ende">
<interpret
resultListStart='<form action="/mydict/trainer/addWord.php" method="POST" name="WORDS">'
resultListEnd='</form>'
resultItemStart='<td class="td1" valign="middle" width="43%">'
resultItemEnd='</td>'>
</search>
Internet Movie DataBase
<search
name="IMDb"
description="Internet Movie DataBase"
method="GET"
action="http://imdb.com/find">
<input name="q" user>
<interpret
resultListStart='<h2>Popular Results</h2>'
resultListEnd='<b>Suggestions For Improving Your Results</b>'
resultItemStart='<li>'
resultItemEnd='</li>'>
</search>