warning: this list of endpoints was discovered empirically
in case you want to restrict Kibana access to read only, whitelist the following endpoints:
- GET
/app/kibana - GET
/bundles/* - GET
/plugins/* - GET
/api/saved_objects/_find
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Load dev version of sos4R ---- | |
| # | |
| devtools::load_all() | |
| webmockr::disable() | |
| # | |
| # VARIABLES---- | |
| # | |
| .verbose <- TRUE | |
| .saveOriginal <- FALSE |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| require_once("pkg-utils.inc"); | |
| require_once("notices.inc"); | |
| require_once("util.inc"); | |
| $msg = ''; | |
| $pmsg = ''; | |
| $p = 0; |
hannob
/ squirrelmail-fix-file-disclosure.diff
Created
March 14, 2018 16:23
squirrelmail quick fix for file disclosure vuln presented at Troopers 2018 (#TR18)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- squirrelmail.stable/squirrelmail/class/deliver/Deliver.class.php 2017-01-27 21:31:33.000000000 +0100 | |
| +++ htdocs/class/deliver/Deliver.class.php 2018-03-14 17:21:10.320000000 +0100 | |
| @@ -281,6 +281,7 @@ | |
| global $username, $attachment_dir; | |
| $hashed_attachment_dir = getHashedDir($username, $attachment_dir); | |
| $filename = $message->att_local_name; | |
| + if(!ctype_alnum($filename)) die(); | |
| // inspect attached file for lines longer than allowed by RFC, | |
| // in which case we'll be using base64 encoding (so we can split |
joseluisq
/ stash_dropped.md
Last active
October 3, 2025 09:40
How to recover a dropped stash in Git?
git log --graph --oneline --decorate ( git fsck --no-reflog | awk '/dangling commit/ {print $3}' )This will show you all the commits at the tips of your commit graph which are no longer referenced from any branch or tag – every lost commit, including every stash commit you’ve ever created, will be somewhere in that graph.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public abstract class AbstractJackson2MarshallingTest { | |
| protected ObjectMapper mapper; | |
| @Before | |
| public void setUp() { | |
| mapper = new ObjectMapper(); | |
| mapper.enable(SerializationFeature.INDENT_OUTPUT); | |
| } |