# encoding: utf-8
require 'sinatra'
require 'rubygems'
require 'openssl'
require 'securerandom'
require 'net/http'
require 'json'
require 'rdiscount'
#gem 'unicorn'
# Sinatra configuration: Markdown pages are rendered inside the ERB layout,
# templates are looked up next to this file, static assets are served from
# ./public, and no session cookie is issued by this app.
set :markdown, layout_engine: :erb
set :views, settings.root
set :public_folder, 'public'
disable :sessions
# ACME HTTP-01 challenge response (the `.well-known/acme-challenge` path is the
# one Let's Encrypt-style validators poll). The token and key authorization are
# single-use: once the certificate was issued this route is dead weight and can
# be removed.
acme_token = 'qXPH3ZqkxObO8uIIPycivfjDW9ATV5xk0MFFzTq-NmI'
get("/.well-known/acme-challenge/#{acme_token}") do
  "#{acme_token}.ICHbH4l6kDtZHuoWqopR4CECZOBS--q39INEkm8FypI"
end
# Landing page. @unwrapped is presumably consulted by the layout/template
# (the views are not in this file — confirm there).
get('/') do
  @unwrapped = true
  erb(:index)
end
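# Blog index: a pre-rendered static file under the public folder.
# send_file streams it with an explicit Content-Type/Content-Length and lets
# Sinatra manage the file handle; the previous `File.open(...)` handed Rack an
# open File object and relied on the server to close it. No template is
# rendered here, so the @unwrapped flag the other routes set is not needed.
get '/blog' do
  send_file File.join(settings.public_folder, 'blog', 'index.html'), type: 'text/html'
end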
# Contact form page. Any non-nil `?sent=` query value (presumably set by a
# redirect after the form is submitted) flips the template into its
# "message sent" state; the value itself is never read.
get('/contact') do
  @sent = 1 unless params[:sent].nil?
  erb(:contact)
end
# Static content pages. Each symbol names a template under settings.views
# (this directory): :erb pages use the ERB engine, :markdown pages go through
# RDiscount and are wrapped in the ERB layout (see `set :markdown` above).
# The engine is chosen from this fixed table, never from the request.
{
  '/oauth'       => [:markdown, :oauth],
  '/otp'         => [:erb, :otp],
  '/inputs'      => [:erb, :inputs],
  '/securelogin' => [:erb, :securelogin],
  '/research'    => [:markdown, :research]
}.each do |path, (engine, template)|
  get(path) { public_send(engine, template) }
end
# Rendering probe: the whole body is an inline script that fetches
# http://localhost:3000, served with Sinatra's default (HTML) content type.
# Presumably a hit on that local listener tells the tester the response was
# executed as a document rather than displayed as text.
get('/amirendered') { "<script>fetch('http://localhost:3000')</script>" }
# Deliberately unsafe test asset: the Content-Type is taken verbatim from the
# `?type=` parameter (default image/svg+xml) and the SVG itself embeds script.
# It illustrates why user-supplied images must be served with a fixed,
# non-scriptable content type (or as an attachment / from a separate origin).
get('/avatar.svg') do
  headers 'content-type' => (params[:type] || 'image/svg+xml')
  '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(location.origin+" "+document.cookie)</script></svg>'
end
# Reflected-body test endpoint: the response body is the raw `?b=` parameter,
# the Content-Type is caller-chosen (default image/svg+xml, despite the .jpg
# path) and the legacy browser XSS filter is switched off. This is the textbook
# shape of a reflected-script / content-type confusion issue; real handlers
# fix the Content-Type, send `X-Content-Type-Options: nosniff`, and never echo
# a parameter as the body.
get('/a.jpg') do
  headers 'x-xss-protection' => '0',
          'content-type'     => (params[:type] || 'image/svg+xml')
  params[:b]
end
# Cross-origin script endpoint demonstrating a permissive CORS setup: the
# caller's Origin header is echoed back (or `*` when absent) together with
# Access-Control-Allow-Credentials: true, so any origin the browser visits can
# read this response with cookies attached. Real services allow-list origins
# and never pair a reflected origin with allow-credentials. The body is the
# raw `?p=` parameter (default: a domain alert) served as JavaScript; the
# same handler answers GET, POST and PUT.
jq = lambda do
  headers(
    'access-control-allow-origin'      => request.env['HTTP_ORIGIN'] || '*',
    'Access-Control-Allow-Headers'     => 'x-requested-with',
    'access-control-allow-credentials' => 'true',
    'content-type'                     => 'text/javascript'
  )
  params[:p] || 'alert(document.domain);'
end
get '/jqueryxss', &jq
post '/jqueryxss', &jq
put '/jqueryxss', &jq
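# Request-timing probe for race-condition testing: records the gap since the
# previous hit (any verb) in process-wide globals and reports the running
# average. The globals are shared across requests/threads on purpose — the
# endpoint exists to observe interleaving — so no locking is added.
# Caveats for whoever deploys this: `?sleep=` is an unbounded caller-chosen
# delay, and `?a=` is echoed unescaped into an HTML-typed body; neither is
# suitable for an exposed host.
$LAST = 0
$AVG = []
racer = lambda do
  now = Time.now.to_f
  diff = now - $LAST
  $LAST = now
  $AVG.push(diff) if diff < 5 # gaps over 5s (idle time, first request) are ignored
  $AVG = [] if params[:reset_avg]
  sleep params[:sleep].to_f if params[:sleep] # widen the race window on request
  # Empty-sample guard: inject on [] returned nil and nil.to_f / 0 produced
  # NaN, which the report printed as "avg NaN" until the second fast request.
  avg = $AVG.empty? ? 0.0 : $AVG.inject(:+).to_f / $AVG.size
  "now #{now.round(4)} - #{params[:a]}
diff #{diff.round(4)}
avg #{avg.round(4)}
ip #{request.ip} #{@env['REMOTE_ADDR'] }
"
end
head '/r', &racer
get '/r', &racer
post '/r', &racer
put '/r', &racer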