Plotting Bézier curves directly and with De Casteljau's algorithm

Posted on October 06, 2013 in Learning • Tagged with Font, Captcha, Programming, Mathematics, Learning, Bézier • 13 min read

Last major Update: 21.10.2013

Github repo that contains the presented code in this post.

Introduction

In this article I will present a very simple and in no sense optimized algorithm written in Python 3 that plots quadratic and cubic Bézier curves. I'll implement several variants of Bézier rasterization algorithms. Let's call the first version the direct approach, since it computes the corresponding x and y coordinates directly by evaluating the equation that describes such Bézier curves.

The other possibility is De Casteljau's algorithm, a recursive implementation. The general principle is illustrated here. But to summarize the idea very briefly: in order to compute the points of the Bézier curve, you subdivide the lines of the outer hull that are given by the n+1 control points (where n denotes the dimension of the Bézier curve) at a ratio t (t goes from 0 to 1 in a loop). If you connect the interpolation points, you'll obtain n-1 connected lines. Then you apply exactly the same principle to these newly obtained lines as before (recursive step), until you finally have one line remaining. Consider again the point at the ratio t on this single line left and …



No 2. - flash-album-gallery: persistent XSS exploited with the help of XSRF leading to remote code execution.

Posted on July 27, 2013 in Programming • Tagged with Exploit, Programming, Bug, Security, Xss, Rce • 12 min read

PLUGIN: http://wordpress.org/plugins/flash-album-gallery/
AFFECTED VERSION: 3.01
DOWNLOADS: 840,714
RISK: MEDIUM/HIGH

The following blog post addresses a critical (chain) of security issues in version 3.01 of flash-album-gallery
which eventually leads to remote code execution. The exploit is not completely automatic and needs a minimal amount
of social engineering. Nevertheless I rate the danger at a medium/high level (probably even worse than a fully automatable SQL injection).

First of all, I need to say that the plugin code lacks a fair amount of secure programming techniques and has inherent design flaws as far
as I can say this [I am not a software engineer, I do security as a hobby]. Presumably, this is a direct result of heterogeneous and
evolutionary growth of the software.
I researched flash-album-gallery mainly in June 2013 and after some weeks I found a CSRF vulnerability in combination with
a stored XSS. But at the same time as I was preparing to contact the author and reveal my findings, I noticed a new version and
the bug seemed to have been found by an independent researcher. See below the lines Fix: vulnerability with albums and Fix: XSS bugs reported by Ken …



Python and curses - A small textbox selection example.

Posted on June 02, 2013 in Learning • Tagged with Programming, Learning • 4 min read

Hey dear readership :)

What.

I recently was in need of a handy and nice way (not just pragmatic) to choose between different entities in the command line, each of them constituting an option. Surely, you can craft a simple menu with standard I/O functions, but I wanted to explore something different and more beautiful.

Therefore I found curses, a simple wrapper around ncurses, the famous BSD/UNIX library for portable advanced terminal handling.

So, I dived into this library, I'd recommend this tutorial for everyone who wants to deal with this old school stuff...

How.

You can check out the recent script on my github site. Here is a copy, for everyone too lazy to look it up:

import curses

# Author: Nikolai Tschacher
# Date: 02.06.2013

class BoxSelector:
    """ Originally designed for accman.py.
        Display options built from a list of strings in a (unix) terminal.
        The user can browse through the textboxes and select one with enter.
    """

    def __init__(self, L):
        """ Create a BoxSelector object. 
            L is a list of strings. Each string is used to build 
            a textbox.
        """
        self.L = L
        # Element parameters. Change them here.
        self.TEXTBOX_WIDTH = 50
        self.TEXTBOX_HEIGHT = 6

        self.PAD …


Create anonymous identities with fakenamegenerator.com and Python

Posted on May 30, 2013 in Programming • Tagged with Programming • 3 min read

Introduction

Woah, it has been a hell of a long time since I posted my last contribution (I feel like I always begin my blog post with these introductory words). However, today I want to show you how to forge random identities with a site called fakenamegenerator.com. I use Python 3 and an unofficial branch of socksipy, a nice module which enables you to tunnel TCP/IP streams through a remote server, commonly used to disguise your real IP address. There are three available modes, SOCKS4, SOCKS5 and HTTP. In this blog post, I use SOCKS5, since I install TOR and route my requests through a local proxy sitting on 127.0.0.1:9050.

Why and what

The team behind fakenamegenerator.com writes on their site:

Name: Names are generated by randomly pulling a first and a last name out of a database. The database was compiled from public domain sources. [...]

Street address: The house number is a randomly generated number. The street name is pulled from a database of plausible street names for the state/country being generated. Odds are that the generated street address is not valid.

City, state, and postal code: We have compiled a …



No 1. - wp-members: Interesting persistent XSS leading to remote code execution.

Posted on March 15, 2013 in Security • Tagged with Security, Programming • 8 min read

Hey you there!

Type: Stored cross site scripting
Risk: Medium to high
Affecting: http://wordpress.org/extend/plugins/wp-members/
Vendor site: http://rocketgeek.com

Preface

It has been quite some time since I took concern of my blog, although I would have had some content ready (maybe even worth) to be published. Around six weeks ago, I rummaged (wow - new word!) through endless lines of wordpress plugin code, in the hope to get my hands on some low hanging fruits (In the likely case you don't have a clue what I am talking about: I was searching for easily detectable security bugs in plugin applications written for wordpress). After analysing for several hours the architecture and design of a randomly chosen target - wp-members, a plugin providing the site owner with the functionality to password protect content on his wordpress site - I was able to detect a pretty nasty bug.

The bug

Alongside the access restriction mechanism, the plugin furthermore allows users to register. The potential user is presented a nice form, which would transfer an array of registration data to the web server when submitted. Considering this, there is only one possible location for a sink source and therefore …



Another wordpress captcha implementation

Posted on January 25, 2013 in Learning • Tagged with Programming, Learning, Security • 6 min read

Hey dear readership and dudelmatz :)

I'm kinda overworked and planned quite a while ago to release my own little captcha implementation to prevent this massive bulk of spam comments I receive on a daily basis: It's obnoxious to scroll through this sheer amount of spam comments and delete them. You can't just masstrash them, because you might miss a legit comment and therefore you need to check every single one. I assume the spammers embrace this expected behaviour of a blogger, and therefore exploit it.

So I needed to put a stop to this violation of my spare time and I created my own captcha. Of course, I first searched for a working and already existing solution (and I am sure there are many which are better than what I came up with), but the one I used is basically crap.

Its plugin description states:

Captcha plugin allows you to protect your website from spam using math logic which can be used for login, registration, resetting password, comments forms.

And yeah as I feared this simple elegant captcha is worthless, because math logic is a joke to parse and solve by computers (=>spamscripts). I was pissed and in a mood …

