No 1. - wp-members: Interesting persistent XSS leading to remote code execution.

Posted on March 15, 2013 in Security • Tagged with Security, Programming • 8 min read

Hey you there!

Type: Stored cross site scripting
Risk: Medium to high
Affecting: http://wordpress.org/extend/plugins/wp-members/ Vendor site: http://rocketgeek.com

Preface

It has been quite some time since I took care of my blog, although I would have had some content ready (maybe even worthy) to be published. Around six weeks ago, I rummaged (wow - new word!) through endless lines of wordpress plugin code, in the hope of getting my hands on some low hanging fruits (In the likely case you don't have a clue what I am talking about: I was searching for easily detectable security bugs in plugin applications written for wordpress). After analysing the architecture and design of a randomly chosen target for several hours - wp-members, a plugin providing the site owner with the functionality to password protect content on his wordpress site - I was able to detect a pretty nasty bug.

The bug

Alongside the access restriction mechanism, the plugin furthermore allows users to register. The potential user is presented a nice form, which transfers an array of registration data to the web server when submitted. Considering this, there is only one possible location for a sink source and therefore …


Another wordpress captcha implementation

Posted on January 25, 2013 in Learning • Tagged with Programming, Learning, Security • 6 min read

Hey dear readership and dudelmatz :)

I'm kinda overworked and planned quite a while ago to release my own little captcha implementation to prevent this massive bulk of spam comments I receive on a daily basis: It's obnoxious to scroll through this sheer amount of spam comments and delete them. You can't just mass-trash them, because you might miss a legit comment and therefore you need to check every single one. I assume the spammers embrace this expected behaviour of a blogger, and therefore exploit it.

So I needed to put a stop to this violation of my spare time and I created my own captcha. Of course, I first searched for a working and already existing solution (and I am sure there are many which are better than what I came up with), but the one I used is basically crap.

Its plugin description states:

Captcha plugin allows you to protect your website from spam using math logic which can be used for login, registration, resetting password, comments forms.

And yeah, as I feared, this simple elegant captcha is worthless, because math logic is a joke to parse and solve by computers (=> spam scripts). I was pissed and in a mood …


GoogleScraper.py - A simple python module to parse google search results.

Posted on January 06, 2013 in Programming • Tagged with Google, Scraping, Programming, Security • 14 min read

UPDATE on 18th February 2014:

This python module now has its own github repository!

The plugin can extract

  • All links
  • Link titles
  • The description/caption below the links

and has the following features:

  • Advanced proxy support for SOCKS4/4a/5 and HTTP PROXY
  • Multithreading
  • XPATH parsing
  • Supports almost all search parameters

Please note that this is by no means a permanent version! Heavy structural changes will be implemented in the near future (I'll experiment with asynchronous networking, for instance). But on this site, I will always host a working version with instructions on how to use it, such that visitors can always use the script!

1. Edit (07.01.2013):

  • Using requests instead of urllib
  • Added random User Agents for every new search.
  • Cleaned the code
  • Implemented foundation to combine with proxychains

Original Blog Post

Sample output after searching for 'cats are not cute' (sorry) with 100 results per page on 3 ascending pages: results.txt

I was always in need of a fast and reliably working python module to query the google search engine. The google API is rubbish, because they give you at most 36 results. This is completely unacceptable!

So, I looked further and found http://code.google …


Linux/Unix privileges from a blackhat's perspective

Posted on December 30, 2012 in Security • Tagged with Privilegeescalation, Unix, Security, Filepermissions • 1 min read

Hey folks!

Had some difficulties understanding UNIX file permissions in all its variations and its eternal predisposition to misuse as adminman! Made a little PDF; the independent blog article will follow soon. It's just a pain in the ass to format all that LibreOffice into a nice wordpress format. Next time, I will just do it in plain ASCII 7 Bit style, goddamnit...

Hell, it's time to read some phrack stuff again :)

Download PDF here: blackhats_view


Bullet chess challenge :)

Posted on November 26, 2012 in Chess • Tagged with Learning, Chess • 3 min read

I realised once more that, when I excessively play bullet chess, I tend to stagnate or my performance even goes down the tubes. The reason behind this, I am assuming, is the absence of a defined goal, or when I play without thinking (as far as thinking is the legit word in bullet chess), or other bad behaviour, such as listening to music...

Therefore, I will try a little experiment: I play every day not more than 10 bullet games. This is around 20 minutes of playing. But every time I lose, I have to do 6 full and slow chin-ups. I'll play on chess.com and my starting rating is right now 1924, which actually is pretty high for me. Nevertheless, my goal is to reach ELO 2050. My all time highscore is 1974. Let's go and break some records...

Ok let the journey begin :)

  • 26.11.2012: 1924 - 1896. Did around 30 chin-ups. Tired as hell. Lost too many times :)
  • 28.11.2012: 1896 - 1903. Back in the 1900s. Did lots of chin-ups. My game improved slightly, I think more and deeper. My speed is still too slow...
  • 29.11.2012: 1903 - 1900. I am stagnating, I have the impression …

Bullet Chess - A silly game?

Posted on November 05, 2012 in Chess • Tagged with Chess • 6 min read

I define bullet chess as games with one minute time for each player. There are plenty of other definitions, but I think my definition refers to the most common one. This article is definitely worth a read and helps to understand my further deliberations: http://en.wikipedia.org/wiki/Fast_chess

Well, besides my enthusiasm for IT security, I have always been a bullet chess player with worryingly addictive features. It all began around three or four years ago, when I realised that simply too many people tend to use chess engines on online platforms and, in addition, I was just too nervous and unwilling to calculate and think for the average (somehow boringly long) length of an entire chess game. Bullet games came perfect in this manner: It is almost impossible to cheat manually in bullet games (of course you could write bots which directly interact with the server through the underlying protocol - HTTP when you're lucky, or some really badass proprietary one when you have misfortune, but I assume that's a rather low percentage). It turns out that my renunciation of the original purpose of chess, thinking deep and being patient, turned me into a slightly better long time …
