Intigriti challenge 0422

Posted on April 24, 2022 by lzzluca

For a while now, the monthly XSS challenge from Intigriti is one of my favorite appointment: every month I make sure to have at least a good look at it. Some months there are clues on the code that click with me and some months the code really does not click. For this month’s challenge, the code clicked!

I am going to anticipate the solution, which looks like this:

https://challenge-0422.intigriti.io/challenge/Window%20Maker.html?config[window-toolbar][constructor][prototype][1]=8080&settings[root][innerHTML][]=%3Ciframe%20src%3Djavascript:alert(document.domain)%3E%3C/iframe%3E&settings[root][vnodes]

Table of contents

Continue reading
Posted in Pentesting | Tagged , , | Leave a comment

Intigriti challenge 0222

Posted on February 13, 2022 by lzzluca

Recently I was happily busy solving the February 2022 Intigriti XSS challenge: this post wants to be a description of the chain of thoughts that brought to the solution.
I am going to anticipate the solution, which looks like this:

https://challenge-0222.intigriti.io/challenge/xss.html?q=%3Cstyle%20onload=eval(uri)%3E&first=%0Aalert(document.domain)

Table of contents

Continue reading
Posted in Pentesting | Tagged , , | Leave a comment

Lint only touched files with Webpack

Posted on November 19, 2016 by lzzluca

Recently I had to add a linter on a project in which the codebase was never linted before. I am talking about a big codebase in which a team have worked on it for years already.

Obviously, the amount of errors thrown from the linter, was such a big number to become an useless information.

With my team mates, we agreed on run the linter only on the “touched” files: the behaviour we wanted was to get the linter parsing every file that gets changes.

Continue reading

Posted in Javascript | Tagged , , , , , | Leave a comment

Be careful with your fix!

Posted on March 20, 2014 by lzzluca

I think many times the code grows wrong (also) because of some wrong solutions… Little example: yesterday I was sending an email by Gmail, an attachment was included to the mail.

Correctly, I wasn’t able to send the mail (clicking the “send” button) until the attachment wasn’t completely uploaded.

Continue reading

Posted in Uncategorized | Tagged , , | Leave a comment

Code readibility: little zoom on Implements from MooTools

Posted on August 16, 2013 by lzzluca

I would like to spend a few lines about the Implements feature, from MooTools.

Like many other frameworks / toolkits, MooTools provides utilities for DOM manupulation, effects, etc… but what i really enjoy is the way it provides writing code, by its Class function. From Wikipedia:

Every JavaScript framework has its philosophy, and MooTools is interested in taking full advantage of the flexibility and power of JavaScript in a way that emphasizes greater modularity and code reuse.MooTools accomplishes these goals in a way that is intuitive to a developer coming from a class-based inheritance language like Java with the MooTools Class object.

It is not the goal of this post to write about how i see the code readibility improved by using Class; just click here for my own Class clone to know more.

What i would like to talk about here is the Class’s feature called Implements: it is a tool to reuse code, many times confused with Extends, and it is considered confusing from many sources.

Continue reading

Posted in Code readibility, Javascript, MooTools | Tagged , , , , , , , | Leave a comment

Vim hot stuff: marks

Posted on July 12, 2013 by lzzluca

In the (new) “vim hot stuff” section, i would like to post about those Vim’s features that, when you meet them the first time, you think: “UAO! That is cool! How did i survive without it so far?”. The best example, for me, is the option “:set relativenumber” (from the 7.3); i think i was waiting for it from my beginning with Vim and i have realized how much i was waiting for it the first time that i have met it!

About the feature i am going to introduce here, i was googling for “how to select multi line in visual mode quicker” and i was led to this solution:

… I know that some people use marks extensively to make visual selections. For example, if I’m on line 5 and I want to select to line 35, I might press ma to place mark a on line 5, then :35 to move to line 35. Shift + v to enter linewise visual mode, and finally `a to select back to mark a.

Continue reading

Posted in Tips, vim hot stuff | Tagged , , , , , , , , | Leave a comment

Git: how to rewrite the branch history

Posted on June 6, 2013 by lzzluca

Quick tip for those git users that, like me, make a lots of commits in their working branch and want to keep only the last one, before send the branch to production. Yes, the idea is to use this method before send the branch to production: it is not a good idea, to change the history of a project that has many persons working on it!

It is true that, by this method, I resetted the GitHub history of some personal projects, when they were already pushed: i didn’t get any problems, because i was the only person to commit on those projects!.

Continue reading

Posted in Programming, Tips | Tagged , , , , , | Leave a comment

Coding tips: accessing the data structure

Posted on April 16, 2013 by lzzluca

I think it is really important keep the code more general and flexible as possible; one rule, that i would like to introduce here, is to use the right level of abstraction when accessing the data structure elements, trying to centralize the read / write operations on them.

Many times i saw pieces of code that work directly on the data structure: that is a problem when that data structure, at some point, gets changed and then the developers are forced to manually update every line of code involved with it.

Continue reading

Posted in Javascript, jQuery, Programming, Tips | Tagged , , , , , , , | Leave a comment

A “Class” function to define classes in Javascript with MooTools like syntax

Posted on November 14, 2012 by lzzluca

Updated the 08/02/2013

I really enjoy to organize my Javascript code as objects and get profit by using inheritance.

“Approaching Javascript as Javascript and not as Java”, i read that so many times; Javascript is / can be OOP and i always thought about OOP as something good for code reusing.

I think the OOP nature of Javascript is all around the prototypal chain; a constructor function is the only way to define objects that achives these two points:

  1. members on the prototypal chain
  2. the constructor property and the instance of operator working as intended

What i am going to introduce here is a function Class that uses another syntax to achieve the same, native result than the constructor functions; i am avoiding closures as class pattern because they don’t store members on the prototype (but they are a good way to define private members).

I think that the Class function makes the syntax less redundant and verbose, moving the focus from the function to the prototype. Also, it provides tools for code reusing: Javascript has native inheritance but not native tools to use it.
A more expressive syntax to write objects in OOP approach, as Class function tries to provide, is in my opinion a good way to help the development.

Continue reading

Posted in Javascript, jQuery, My code, Programming | Tagged , , , , , , | 7 Comments

A quick digression about the constructor property in Javascript

Posted on November 6, 2012 by lzzluca

When i think about the constructor, i think about the function called when a class is instantiated. Well, that is true about Java but i would like to write about the constructor in Javascript.

For me is a challenge write about the constructor; after years of Javascript i still see it as something confusing; anyway recently i had the opportunity to go through it and i would like to write here some considerations.

Continue reading

Posted in Javascript, Programming | Tagged , , , | Leave a comment