avishek 2.0.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 297b8c8f3a7a9bf20b2f0ff41c668ffc2feffac789df1969c7fbb9947aa253e3
+  data.tar.gz: 340691450c1cb1262d1f49595b5c78d060ec2d33397e4167444451253a1cfd27
+SHA512:
+  metadata.gz: c22e69704bab4962187430ad647ba707b2259b228c4e0a931b055eafb931c6ae89364b3e945c6cefa6cc254ae60e268c3ace24bbacd92a7d7e0bb3a7c5277f3a
+  data.tar.gz: a5875c1e1bb13b7aabded9fe4b098c7575ad120f8576c4ed336ab3ca4153e895aee56f77d722bb69dfeae44df33b1f426dfb379d06f3262609d241331937b9e4

data/lib/vulnerable_gem_code.rb

@@ -0,0 +1,13 @@
+# Set the X-XSS-Protection header to 0
+response.headers['X-XSS-Protection'] = '0'
+
+# Check if there is any input
+if params.key?('name') && !params['name'].nil?
+  # Get the input and remove any '<script>' tags
+  name = params['name'].gsub('<script>', '')
+
+  # Feedback for the end user
+  html = "<pre>Hello #{name}</pre>"
+end
+
+

metadata

@@ -0,0 +1,43 @@
+--- !ruby/object:Gem::Specification
+name: avishek
+version: !ruby/object:Gem::Version
+  version: 2.0.5
+platform: ruby
+authors:
+- avishek
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-05-27 00:00:00.000000000 Z
+dependencies: []
+description: 'A simple XSS Vulnerable Sample COde '
+email: ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/vulnerable_gem_code.rb
+homepage: https://rubygems.org/gems/hola
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: sample vulnerable!
+test_files: []