Wildcard redirects for paths in Google Domains

The Goal: redirect www.example.com/product/* to www.example.com/product using Google Domains

Background: I’m using github pages to host my site so I cannot add an htaccess file like a more traditional site. Also I had some issues with emails from my domain going to spam when I used Cloudflare.

There doesn’t seem to be an option to simply set up wildcard redirects for paths. it’s just subdomain.

Wildcard SSL issued by Plesk not working for subdomains

I’ve got a Plesk setup which issues Letsencrypt certificates and hosts part of my client websites. When passing the _achme-challenge and receiving a wildcard certificate / installing said certificate it seems that part of the subdomains which aren’t hosted with me still give a certificate error.

My setup in the DNS is currently as follows:

  • domain.com – A informational website hosted on my Plesk server.
  • dev.domain.com – A separate dev site hosted on another IP address eg 123.481.123.12
  • live.domain.com – Another application entirely, hosted by me and working with the current SSL

As far as I understand this, the other party from dev.domain.com also needs to install a wildcard certificate on their end? Or is there something wrong with my certificate itself.

Can’t understand difference in fulltext results – contains, contains with wildcard, freetext

I have a table with an fulltext index on the column named Filecontent. The table has a row where content contains "W 917". For context, the content column on this rows contains much more than just what I’m searching for.

I don’t understand why I’m getting different results depending on whether I’m using contains, contains with wildcard or freetext. Why is CONTAINS without wildcard getting results, but CONTAINS with wildcard doesn’t?

-- Searching for "W 917" -- No match - CONTAINS with wildcard SELECT * FROM InvoicePDFContent t1 WHERE CONTAINS(t1.Filecontent, '"W 917*"')  -- Match - CONTAINS SELECT * FROM InvoicePDFContent t1 WHERE CONTAINS(t1.Filecontent, '"W 917"')  -- Match - FREETEXT SELECT * FROM InvoicePDFContent t1 WHERE FREETEXT(t1.Filecontent, '"W 917"')   -- Searching for "W" -- Match - CONTAINS with wildcard SELECT * FROM InvoicePDFContent t1 WHERE CONTAINS(t1.Filecontent, '"W*"')  -- No match - CONTAINS SELECT * FROM InvoicePDFContent t1 WHERE CONTAINS(t1.Filecontent, '"W"')  -- No match - FREETEXT SELECT * FROM InvoicePDFContent t1 WHERE FREETEXT(t1.Filecontent, '"W"') ´´´ 

Best practice in IIS of redirect (wildcard) from one domain to another?

We are moving domains and servers. I have newdomain.com set up on new server (SSL).

I want to shut off old domain. I will get old domain pointed to new server.

Is it better in IIS to add the olddomain.com bindings on new server under the same IIS Site? Or is it better to create a new IIS site for olddomain.com and redirect it to the newdomain.com from there?

Another dimension in here is we could have links in both http and https but sites both require https. So one of the things I am worried about is redirecting http://olddomain.com/xyz/index.html and that it needs to redirect correctly to https://newdomain.com/xyz/index.html

Privilege Escalation – WildCard Injection doesn’t work

I have a cronjob that runs a backup script every minutes enter image description here

As you can see, this script is vulnerable a TAR Command Injection because it accepts * (wildcard) as input

enter image description here

I add a 2 files called “checkpoint..” (parameter) for the TAR command where i say to execute the shell script that add a entry to my /etc/sudoers file in order to do a Priv Esc.

enter image description here

In this way, crontab should runs every minutes the backup.sh that executes the TAR command that executes my script shell that add a entry to /etc/sudoers as root.

But it doesn’t work, like you can see the /etc/sudoers is like before.

enter image description here

But if i run the backup.sh script manually, (not using the crontab), it works!

enter image description here

Where am I doing wrong?

Thanks

How does the asterisk (*) work in the wildcard matching problem?

This is a wildcard matching problem. Given a pattern P containing letters and character * that can match an arbitrary string of characters (including an empty string), my task is to write a polynomial-time algorithm to determine whether such a pattern P occurs in a given text T. So here is my answer for the problem.

We can use dynamic programming to solve this problem. Let us have a 2D boolean array dp[i][j]. dp[i][j] returns true if there is a match between the pattern and the string.  Initialize dp[i][j] = false  -dp[0][0] = true since an empty string matches an empty pattern.  -dp[0][j] = dp[0][j-1] (= true) if P[j] = * for 1<= j <=m since an empty string matches ‘*’ as long as previous characters match. In other words, once P[j-1] != “*”, dp[0][j] will be false afterwards.  -If P[j] = ‘*’, we have dp[i][j] = dp[i-1][j] || dp[i][j-1]  For dp[i-1][j], ‘*’ acts as an empty string. E.g. ab and ab*  For dp[i]p[j-1], ‘*’ acts as any sequences. E.g. abcd and ab*  In other words, if P[j] = ‘*’ and (dp[i-1][j] || dp[i][j-1]) = true, dp[i][j] = true    -If P[j] = T[i], it boils down to match T(i-1) and P(j-1). dp[i][j] = dp[i-1][j-1]  For other cases, dp[i][j] is false.  Pseudocode:  tLen = T.length  pLen = P.length    Initialize dp[tLen+1][pLen+1] = false  Dp[0][0] = true  For j = 1 to pLen            If P[j] = ‘*’                     dp[i][j] = dp[0][j-1]  for i =1 to tLen            for j=1 to pLen                     if P[j] = ‘*’                               dp[i][j] = dp[i][j-1] or dp[i-1][j]                     else if P[j] = T[i]                               dp[i][j] = dp[i-1][j-1]                      else   dp[i][j] = false  Return dp[tLen][pLen]   The algorithm fills a tLen x pLen table, so the running time is O(nm)   

During a discussion in class, my professor said my answer is vague. He asked me if I had considered * can appear in the middle of the pattern and it can appear several times in the pattern. In particular, consider pattern

abcccdeeef

and string

abcdcccccdefefeefeeef

How does this algorithm determine, which c in the pattern should match with which c in the text? How does it with e?

My understanding towards this problem is that what matters is the final result of dp[tLen][pLen] and we use a table to compare substrings with each other.The character * would probably match any character it encounters. We just derive our answers from previous steps to fill out the whole table so that we can get the final result of dp[tLen][pLen]. However, for his specific question, I can’t think of a reasonable way to answer. Any help with the explanation would be appreciated.

Why CORS is still securing an open api where all requests have a wildcard (*)?

In case of an open API, the only possible value for Access-Control-Allow-Origin is a wildcard (*), since you can’t have a list of allowed domains.

Still, this seems not to bug developpers and appears to keep the system secure. How is that possible? Isn’t allowing all domains to make every request the same as not having SOP or CORS Policy?

It might be that I don’t really get the security provided by CORS, but as I understood it, it avoid an unwanted domain to use session cookies of a user without his consent. Still, I don’t get why it protect the user to see his account used for unwanted purposes once a data modifying route is opened to this domain.