Monday, May 26, 2014

My dog is pretty weird.


Friday, March 28, 2014

check procs using the most memory

alias checkmem='ps -A --sort -rss -o pid,comm,pmem,rss |head -10'


probably taken from here - www.cyberciti.biz/faq/linux-check-memory-usage, but it's been in my .bashrc for so long I can't be sure.

Friday, June 14, 2013

Cloud file-sharing vulnerability

Picture this scenario: A "cloud" filesharing service, backed by some well-known investors and in the business for a few years, provides a service that allows clients to share files and folders with others.

UserA sends a folder to UserB with no password security (default setting). The link arrives in an email as:

https://companyXYZ.unknown-filesharing-company.com/asdf.php?folderName=20130201&fileName=asdfasdf222

UserB visits the link. The parameters for the POST following the GET for that link look like:

POST /publicPage.json HTTP/1.1
start=0&limit=1000&sort=f_name&dir=ASC&pubFolderPath=%2FShared%2FDocuments%2FSharedFolderName&userId=43211234&entryId=12ab34cd….&xsrfToken=321cba…

Sunday, September 23, 2012

login.secureserver.net (GoDaddy webmail) XSS - fixed

A few weeks back, I notified GoDaddy.com support about an XSS vulnerability on their webmail login page, login.secureserver.net. Turns out secureserver.net wasn't as secure as they had hoped it would be. The underlying problem was that they were allowing arbitrary parameters to be passed without sanitizing the input. They've since fixed it to HTML-escape the characters in the params.

To give credit where credit is due, I found out not long ago that http://xss.cx found the bug a few days before I did and did a better job at reporting it. They also found more bugs around this time last year.

http://xss.cx/2012/08/08/ghdb/xss-cross-site-scripting-cwe79-capec86-javascript-injection-rest-url-parameter-example-poc-report-godaddycom.html

And before that...

http://xss.cx/2011/09/16/ghdb/dork-xss-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-insecure-configuration-weak-programming-http-cookie-without-secure-flag-set-injection-example-poc-report-01.html#2.12

Screenshots of my POC bugs below. Pity that I couldn't get it to work on a WebKit-based browser ; (
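The fix the post describes, HTML-escaping a parameter before it is reflected into the login page, as an added Python example that is not the page's or GoDaddy's code; the template, the parameter name and the sample query string are constructed.

```python
import html
from urllib.parse import parse_qs

# Constructed illustration, not GoDaddy's code: a login page that reflects an
# "email" query parameter into an <input value="..."> attribute. The template
# and the parameter name are assumptions.
TEMPLATE = ('<form method="post" action="/login">'
            '<input name="email" value="{email}">'
            '<input type="submit" value="Log in"></form>')

# Constructed request: the parameter decodes to  "><i>injected</i>
SAMPLE_QUERY = "email=%22%3E%3Ci%3Einjected%3C%2Fi%3E"


def reflected_param(query_string: str, name: str = "email") -> str:
    """First value of a query parameter, percent-decoded as the server sees it."""
    return parse_qs(query_string, keep_blank_values=True).get(name, [""])[0]


def render_unsafe(query_string: str) -> str:
    """'Before': the parameter is dropped into the page verbatim."""
    return TEMPLATE.format(email=reflected_param(query_string))


def render_safe(query_string: str) -> str:
    """'After': HTML-escape &, <, >, " and ' (quote=True) so the value can
    neither close the attribute nor open a new tag, the fix the post describes."""
    return TEMPLATE.format(email=html.escape(reflected_param(query_string), quote=True))


def injected_tag_count(rendered: str) -> int:
    """Tags in the rendered page beyond those in the template; zero means the
    reflected value stayed inside the attribute where it belongs."""
    return rendered.count("<") - TEMPLATE.count("<")


if __name__ == "__main__":
    for renderer in (render_unsafe, render_safe):
        page = renderer(SAMPLE_QUERY)
        print(renderer.__name__, "extra tags:", injected_tag_count(page))
```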



Tuesday, August 7, 2012

What happened when I deleted standalone/tmp/vfs/

So I was trying to clear up some disk space on one of our Liferay servers and deleted the temporary deployment files under /apps/liferay/jboss-7.0.2/standalone/tmp/vfs/. After I rm -rf'ed the crap out of that directory and started the server back up I saw that it did not want to start. Great, it's the end of the day and I've just downed a box. YAY.

boot.log spits out:

20:14:24,985 ERROR [stderr] Exception in thread "Controller Boot Thread" java.lang.RuntimeException: org.jboss.as.controller.persistence.ConfigurationPersistenceException: Failed to parse configuration
20:14:24,985 ERROR [stderr] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:89)
20:14:24,986 ERROR [stderr] at java.lang.Thread.run(Thread.java:722)
20:14:24,987 ERROR [stderr] Caused by: org.jboss.as.controller.persistence.ConfigurationPersistenceException: Failed to parse configuration
20:14:24,987 ERROR [stderr] at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:115)
20:14:24,987 ERROR [stderr] at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:104)
20:14:24,988 ERROR [stderr] at org.jboss.as.server.ServerService.boot(ServerService.java:195)
20:14:24,988 ERROR [stderr] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:83)
20:14:24,989 ERROR [stderr] ... 1 more
20:14:24,990 ERROR [stderr] Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
20:14:24,990 ERROR [stderr]  at [row,col {unknown-source}]: [1,0]
20:14:24,991 ERROR [stderr] at com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:677)
20:14:24,991 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2104)
20:14:24,991 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2010)
20:14:24,992 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1102)
20:14:25,003 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1125)
20:14:25,003 ERROR [stderr] at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:57)
20:14:25,004 ERROR [stderr] at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:107)
20:14:25,004 ERROR [stderr] ... 4 more

Since the first line is complaining about the configuration, I figured I'd take a look at standalone.xml. Wait a sec, why is it blank? Mystery solved.

Copied the latest backup config back to its rightful location and started it up.

cp /apps/liferay/jboss-7.0.2/standalone/configuration/standalone_xml_history/<year-month-date-timestamp>/standalone.last.xml /apps/liferay/jboss-7.0.2/standalone/configuration/standalone.xml 

Success. If I can consistently reproduce this, it may be worthwhile to file a bug report.
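An added Python helper, hypothetical and not part of JBoss or Liferay, that does the check the boot failure above suggests: parse standalone.xml before starting the server and, if it is blank or malformed, put back the newest parseable standalone.last.xml from standalone_xml_history. The directory layout built in demo() is constructed.

```python
import shutil
import tempfile
from pathlib import Path
from xml.etree import ElementTree

# Hypothetical pre-start check, not part of JBoss: refuse a standalone.xml the
# boot parser would reject (a blank file is the "Unexpected EOF in prolog" above)
# and put back the newest parseable standalone.last.xml from standalone_xml_history.

def config_is_parseable(path: Path) -> bool:
    """True if the file exists, is non-empty and is well-formed XML."""
    if not path.is_file() or path.stat().st_size == 0:
        return False
    try:
        ElementTree.parse(path)
        return True
    except ElementTree.ParseError:
        return False

def newest_backup(config_dir: Path):
    """Newest parseable standalone_xml_history/<timestamp>/standalone.last.xml;
    the history directories are named by timestamp, so name order is time order."""
    backups = sorted(config_dir.glob("standalone_xml_history/*/standalone.last.xml"))
    for backup in reversed(backups):
        if config_is_parseable(backup):
            return backup
    return None

def restore_if_broken(config_dir: Path):
    """Copies the chosen backup over standalone.xml and returns its path, or
    returns None when the current config is fine and nothing was touched."""
    target = config_dir / "standalone.xml"
    if config_is_parseable(target):
        return None
    backup = newest_backup(config_dir)
    if backup is None:
        raise FileNotFoundError("no parseable backup under standalone_xml_history")
    shutil.copyfile(backup, target)
    return backup

def demo() -> tuple:
    """Constructed: blank standalone.xml, a good backup and a newer truncated one."""
    cfg = Path(tempfile.mkdtemp()) / "standalone" / "configuration"
    for stamp, body in (("20120806-120000000", "<server name='good'/>"),
                        ("20120807-190000000", "<server name='trunc")):
        history = cfg / "standalone_xml_history" / stamp
        history.mkdir(parents=True)
        (history / "standalone.last.xml").write_text(body)
    (cfg / "standalone.xml").write_text("")   # blank, as the post found it
    restored = restore_if_broken(cfg)
    return config_is_parseable(cfg / "standalone.xml"), restored.parent.name, restore_if_broken(cfg)
```

The truncated newer backup is skipped, so the older good one is restored and a second call finds nothing to do.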