Collaborate Disseminate
was trying to brute force a random number generated by the ruby method rand which generated a random float number between 0.0 and 1.0 excluding 1.0.
so for example I have this code:
Time.now.to_s.split(//).sort_by {rand}.join
this produce… Continue reading brute forcing a pseudoRandom number Generator
I am using the following line of code to create a reset password code sent to the user in her/his email. when scanned with brakeman to my ruby code, this line of code is catched and describes it as it is vulnerable.
this is the line of cod… Continue reading exploiting the scenario and how to generate a secure reset password token
I was trying to exploit the constantize method in ruby for remote code execution. for example I have this line code:
@mygroups = params[:group][:type].constantize.new(params[:group])
and in the request I sent the following payload:
group%… Continue reading ruby on rails constantize exploitation
I tried to reverse engineer an apk app, and it was loading a native code. I have observed that the app was using the native code like this
public static String v = sUQWWyTBEs().toString().substring(32, 37);
the disassembled function sUQW… Continue reading what do these assembly code doing? [migrated]
I was trying to test and intercept traffic from an app developed on Rhodes open source framework, I setup a proxy with burp, and of course I have installed burp certificate on my device hence I can intercept other apps on my device but I a… Continue reading Intercept HTTP Traffic of an android app?