Plotting Bézier curves directly and with De Casteljau's algorithm

Posted on October 06, 2013 in Learning • Tagged with Font, Captcha, Programming, Mathematics, Learning, Bézier • 13 min read

Last major Update: 21.10.2013

Github repo that contains the presented code in this post.

Introduction

In this article I will present a very simple and in no sense optimized algorithm written in Python 3 that plots quadratic and cubic Bézier curves. I'll implement several variants of Bézier rasterization algorithms. Let's call the first version the direct approach, since it computes the corresponding x and y coordinates directly by evaluating the equation that describes such Bézier curves.

The other possibility is De Casteljau's algorithm, a recursive implementation. The general principle is illustrated here. But to summarize the idea very briefly: In order to compute the points of the Bézier curve, you subdivide the lines of the outer hull that are given by the n+1 control points (where n denotes the dimension of the Bézier curve) at a ratio t (t goes from 0 to 1 in a loop). If you connect the interpolation points, you'll obtain n-1 connected lines. Then you apply exactly the same principle to these newly obtained lines as before (recursive step), until you finally have one line remaining. Consider again the point at the ratio t on this single line left and …


Continue reading

No 2. - flash-album-gallery: persistent XSS exploited with the help of XSRF leading to remote code execution.

Posted on July 27, 2013 in Programming • Tagged with Exploit, Programming, Bug, Security, Xss, Rce • 12 min read

PLUGIN: http://wordpress.org/plugins/flash-album-gallery/
AFFECTED VERSION: 3.01
DOWNLOADS: 840,714
RISK: MEDIUM/HIGH

The following blog post addresses a critical chain of security issues in version 3.01 of flash-album-gallery
which eventually leads to remote code execution. The exploit is not completely automatic and needs a minimal amount
of social engineering. Nevertheless I rate the danger at a medium/high level (probably even worse than a fully automatable SQL injection).

First of all, I need to say that the plugin code lacks a fair amount of secure programming techniques and has inherent design flaws as far
as I can say this (I am not a software engineer, I do security as a hobby). Presumably, this is a direct result of heterogeneous and
evolutionary growth of the software.
I researched flash-album-gallery mainly in June 2013 and after some weeks I found a CSRF vulnerability in combination with
a stored XSS. But at the same time as I was preparing to contact the author and reveal my findings, I noticed a new version and
the bug seemed to have been found by an independent researcher. See below the lines Fix: vulnerability with albums and Fix: XSS bugs reported by Ken …


Continue reading

Major Redesign of incolumitas.com

Posted on July 24, 2013 in Learning • Tagged with Themeprojectsnewredesigncsshtml, Meta, Learning, Uncategorized • 2 min read

Hello everybody!

I finally found some motivation and time to give my blog a design upgrade - basically an endeavour that was overdue since this blog first saw the light of day ;)

On the technical side, this theme is a complete redevelopment. It's not finished yet; on the contrary, it's the very first version and there remain a lot of issues that need to be resolved. For instance: The majority of the CSS code is still rather dirty and of an experimental nature. Additionally, I want to include an image slideshow based on unslider.js. The template function in your theme would then look something like the following:

if ( ! function_exists( 'clearcontent_header_slider' )):
/*
 * This function includes a minimal jquery slideshow into the header of the site. It uses unslider.js in 
 * order to achieve this objective. Link to github site: https://github.com/idiot/unslider
 */
function clearcontent_header_slider() {
    ?>

    <div class="header-slideshow">
        <ul>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/1.png' ?>');"></li>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/2.png' ?>');"></li>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/3.png' ?>');"></li>
        </ul …

Continue reading

Python and curses - A small textbox selection example.

Posted on June 02, 2013 in Learning • Tagged with Programming, Learning • 4 min read

Hey dear readership :)

What.

I recently was in need of a handy and nice way (not just pragmatic) to choose between different entities in the command line, each of them constituting an option. Surely, you can craft a simple menu with standard I/O functions, but I wanted to explore something different and more beautiful.

Therefore I found curses, a simple wrapper around ncurses, the famous BSD/UNIX library for portable advanced terminal handling.

So, I dived into this library, I'd recommend this tutorial for everyone who wants to deal with this old school stuff...

How.

You can check out the recent script on my github site. Here is a copy, for everyone too lazy to look it up:

import curses

# Author: Nikolai Tschacher
# Date: 02.06.2013

class BoxSelector:
    """ Originally designed for accman.py.
        Display options built from a list of strings in a (unix) terminal.
        The user can browse through the textboxes and select one with enter.
    """

    def __init__(self, L):
        """ Create a BoxSelector object. 
            L is a list of strings. Each string is used to build 
            a textbox.
        """
        self.L = L
        # Element parameters. Change them here.
        self.TEXTBOX_WIDTH = 50
        self.TEXTBOX_HEIGHT = 6

        self.PAD …

Continue reading

Create anonymous identities with fakenamegenerator.com and Python

Posted on May 30, 2013 in Programming • Tagged with Programming • 3 min read

Introduction

Woah, it has been a hell of a long time since I posted my last contribution (I feel like I always begin my blog posts with these introductory words). However, today I want to show you how to forge random identities with a site called fakenamegenerator.com. I use Python 3 and an unofficial branch of socksipy, a nice module which enables you to tunnel TCP/IP streams through a remote server, commonly used to disguise your real IP address. There are three available modes, SOCKS4, SOCKS5 and HTTP. In this blog post, I use SOCKS5, since I install TOR and route my requests through a local proxy sitting on 127.0.0.1:9050.

Why and what

The team behind fakenamegenerator.com writes on their site:

Name: Names are generated by randomly pulling a first and a last name out of a database. The database was compiled from public domain sources. [...]

Street address: The house number is a randomly generated number. The street name is pulled from a database of plausible street names for the state/country being generated. Odds are that the generated street address is not valid.

City, state, and postal code: We have compiled a …


Continue reading

No 1. - wp-members: Interesting persistent XSS leading to remote code execution.

Posted on March 15, 2013 in Security • Tagged with Security, Programming • 8 min read

Hey you there!

Type: Stored cross site scripting
Risk: Medium to high
Affecting: http://wordpress.org/extend/plugins/wp-members/
Vendor site: http://rocketgeek.com

Preface

It has been quite some time since I took care of my blog, although I would have had some content ready (maybe even worthy) to be published. Around six weeks ago, I rummaged (wow - new word!) through endless lines of wordpress plugin code, in the hope of getting my hands on some low hanging fruits (in the likely case you don't have a clue what I am talking about: I was searching for easily detectable security bugs in plugin applications written for wordpress). After analysing for several hours the architecture and design of a randomly chosen target - wp-members, a plugin providing the site owner with the functionality to password protect content on his wordpress site - I was able to detect a pretty nasty bug.

The bug

Alongside the access restriction mechanism, the plugin furthermore allows users to register. The potential user is presented a nice form, which would transfer an array of registration data to the web server when submitted. Considering this, there is only one possible location for a sink source and therefore …


Continue reading