Skip to content

Instantly share code, notes, and snippets.

View phelipetls's full-sized avatar

Phelipe Teles phelipetls

43 followers · 24 following
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active April 24, 2025 04:34
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@thesamesam
thesamesam / xz-backdoor.md
Last active April 7, 2025 09:15
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@OrionReed
OrionReed / dom3d.js
Last active April 19, 2025 12:06
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@JohnPhamous
JohnPhamous / chaos-string-test.js
Last active November 19, 2024 23:32
export const chaosTestStrings = (): void => {
const textNodes = getAllTextNodes(document.body);
for (const node of textNodes) {
const textNodeLength = node.textContent ? node.textContent.length : 0;
if (node.textContent === null) {
return;
}
if (node.parentElement instanceof Element) {
if (node.parentElement.dataset.originalText === undefined) {
@arthurvi
arthurvi / !!-boolean-double-negation-double-bang.md
Last active April 8, 2025 10:57
!! vs. Boolean()

Boolean() or !! (double bang, double negation)?

What's the best way to answer the question "true or false?" in JavaScript

JavaScript does not bother you too much with types (at first), which is both a blessing and a cure. But we all know the Boolean type. Boolean variables can either be true or false. Yes or no.

Every value in JavaScript can be translated into a boolean, true or false. Values that translate to true are truthy, values that translate to false are falsy. Simple.

This is about two ways to make that translation.

@kentcdodds
kentcdodds / abort-controller.js
Created April 3, 2020 23:32
function useAbortController() {
const abortControllerRef = React.useRef()
const getAbortController = React.useCallback(() => {
if (!abortControllerRef.current) {
abortControllerRef.current = new AbortController()
}
return abortControllerRef.current
}, [])
React.useEffect(() => {
@romainl
romainl / path.md
Last active March 12, 2025 11:05
Off the beaten path

Off the beaten path

What is &path used for?

Vim uses :help 'path' to define the root directories from where to search non-recursively for files.

It is used for:

  • gf, gF, <C-w>f, <C-w>F, <C-w>gf, <C-w>gF,
  • :find, :sfind, :tabfind,
@romainl
romainl / eslint-standard.md
Last active November 9, 2024 20:55
Painless ESLint/Standard integration

Painless ESLint/Standard integration

Our goal, here, is threefold:

  • use Vim's built-in features to their fullest,
  • be a good project citizen even if we don't use $EDITOR_DU_JOUR,
  • have a minimal but beneficial impact on the infrastructure of the project we work on.

Expose a simple interface for linting at the project level

@kripod
kripod / Box.tsx
Last active February 6, 2025 07:44
Superseded by https://www.kripod.dev/blog/behind-the-as-prop-polymorphism-done-well/ – Polymorphic `as` prop for React components with TypeScript
import React from 'react';
// Source: https://github.com/emotion-js/emotion/blob/master/packages/styled-base/types/helper.d.ts
type PropsOf<
// eslint-disable-next-line @typescript-eslint/no-explicit-any
E extends keyof JSX.IntrinsicElements | React.JSXElementConstructor<any>
> = JSX.LibraryManagedAttributes<E, React.ComponentPropsWithRef<E>>;
export interface BoxOwnProps<E extends React.ElementType = React.ElementType> {
as?: E;
@mirsella
mirsella / gist:0adb901356ddd66e624e9e9df87b9141
Last active July 15, 2020 21:49
ex()
ex ()
{
if [ -f $1 ] ; then
case $1 in
*.tar.bz2) tar xjf $1 ;;
*.tar.gz) tar xzf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.tar) tar xf $1 ;;