はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
In my decade-plus of maintaining my dotfiles, I’ve written a lot of little shell scripts. Here’s a big list of my personal favorites. Clipboardcopy and pasta are simple wrappers around system clipboard managers, like pbcopy on macOS and xclip on Linux. I use these all the time. # High level examples run_some_command | copy pasta > file_from_my_clipboard.txt # Copy a file's contents copy < file.txt
Shai Hulud Strikes Again (v2)Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected. Update: November 26, 2025 PostHog has published a detailed post mortem describing how one of its GitHub Actions workflows was abused as an initial access vector for Shai Hulud v2. An attacker briefly opened a pull request that modified a script executed via pull_requ
Node.js
const watcher = fs.watch(testDirectory, { recursive: true }); watcher.on('change', function (event, filename) {}); Contributed by Yagiz Nizipli in #45098 Other notable changes deps update ICU to 72.1 (Michaël Zasso) #45068 doc add lukekarrys to collaborators (Luke Karrys) #45180 add anonrig to collaborators (Yagiz Nizipli) #45002 lib drop fetch experimental warning (Matteo Collina) #45287 util (SE
We hacked Google’s A.I Gemini and leaked its source code (at least some part)
We hacked Google’s A.I Gemini and leaked its source code (at least some part) Mar 27, 2025 RONI CARTA | LUPIN gemini, llm, google, source code, leak, bug bounty, hack Back to Vegas, and This Time, We Brought Home the MVH Award ! In 2024 we released the blog post We Hacked Google A.I. for $50,000, where we traveled in 2023 to Las Vegas with Joseph "rez0" Thacker, Justin "Rhynorater" Gardner, and my
Node.js
Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing build options that allow dependencies with native code to be externalized. This commit adds additional options so that dependencies with JavaScript code
Large Text Compression Benchmark Matt Mahoney Last update: Mar. 25, 2026. history This competition ranks lossless data compression programs by the compressed size (including the size of the decompression program) of the first 109 bytes of the XML text dump of the English version of Wikipedia on Mar. 3, 2006. About the test data. The goal of this benchmark is not to find the best overall compress
Linux is an interpreter
This is a standalone addendum to an earlier four-part series. Reading the previous parts is not required. Links to previous parts, if you are interested: Part 0: curl > /dev/sda Part 1: Swap out the root before boot Part 2: How to pass secrets between reboots The 3rd and final part: The little chicken shed that could Part 5: you are here In a previous article, I left you with this mysterious comma
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
What’s New In Python 3.13
What’s New In Python 3.13¶ Editors: Adam Turner and Thomas Wouters This article explains the new features in Python 3.13, compared to 3.12. Python 3.13 was released on October 7, 2024. For full details, see the changelog. Summary – Release Highlights¶ Python 3.13 is a stable release of the Python programming language, with a mix of changes to the language, the implementation and the standard libra
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Scripts I wrote that I use all the time
Shai Hulud Strikes Again (v2) - Socket
Large Text Compression Benchmark