Fri Nov 8 15:18:23 CET 2013

Making news more Fun

Following the instructions from XKCD #1288

I've converted this into a very small and tiny Chrome extension: ActionNews.crx

To install, download the crx file, open chrome://extensions and drag'n'drop the file into the extension list.

All non-SSL pages will be more fun to read. Enjoy!


Posted by iso | Permanent Link | Tags: warez, mumbo jumbo, nerd stuff | comments >>

Thu Nov 19 23:45:03 CET 2009

snoopy german google users

Just stumbled upon this: German Google users seem to be highly interested in other people's secret documents - google.com search suggestions do not include these..: ("vertraulich" = confidential, "nur für den internen gebrauch" = for internal use only)

google search fail

By the way, there are 1,030,000 Google hits for filetype:pdf "for internal use only" :)


Posted by iso | Permanent Link | Tags: security, nerd stuff | comments >>

Tue Aug 11 11:06:53 CEST 2009

wordpress xss for <=2.8.1

The other day another WordPress exploit went public at milw0rm - it's just an XSS bug, though.
The input value in WordPress's comment URL field turned out to be not escaped too well - they chose to let ' go through..
The injection is limited to a maximum length of, I don't remember it right now, about 200 characters I guess, and since WordPress secured the session cookie with HttpOnly some versions ago, cookie stealing would be a bit more complicated.
So I chose to create a defacement link via onmouseover for the PoC. As soon as an admin would mouseover the name of the comment-creator, i.e. when moderating the comment, a blogpost is published with the message sent by the attacker thanks to the very convenient "quickpress"-form, hence the name.

In this very simple exploit you can choose whether to post as 'title' or 'content'. Also, you could move the $MESSAGE to be sent as comment instead of the author's name, because that is limited in length, too. When using comment as input field you can create very long posts; with some small adjustments you could even post HTML and JavaScript to the blog. Of course, you could execute JavaScript to do lots of other things with the admin's browser, too.
Thankfully, this bug among others is fixed in WordPress 2.8.2 and above.
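
Why letting ' through matters, as an added example (not WordPress's code and not the PoC from this post): it assumes the comment author's URL ends up inside a single-quoted href attribute, and the function names and the input string are made up for illustration. The weak variant escapes double quotes only, the hardened one escapes both quote styles and drops anything that is not an http(s) URL.

```php
<?php
// Added illustration; render_author_link_weak/safe are hypothetical names.

// Weak: ENT_COMPAT escapes & < > and " but leaves ' untouched, so a value
// placed inside a single-quoted attribute can end that attribute early and
// everything after the quote is parsed as further attributes of the tag.
function render_author_link_weak(string $url, string $name): string {
    $u = htmlspecialchars($url, ENT_COMPAT, 'UTF-8');
    $n = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
    return "<a href='$u' rel='external nofollow'>$n</a>";
}

// Hardened: accept only http(s) URLs and escape both quote styles, so the
// whole value stays inside the href attribute no matter which quote it uses.
function render_author_link_safe(string $url, string $name): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $url = '';   // reject javascript:, data: and unparsable values
    }
    $u = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return "<a href='$u' rel='external nofollow'>$n</a>";
}

// Constructed comment-form input: a URL carrying a single quote followed by
// an event-handler attribute (harmless alert as a marker).
$url = "http://example.com/' onmouseover='alert(1)";

echo render_author_link_weak($url, 'visitor'), "\n";
echo render_author_link_safe($url, 'visitor'), "\n";
```

Compare the two printed lines: in the first the onmouseover text is an attribute of its own, in the second it is still part of the href value.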


Posted by iso | Permanent Link | Tags: php, web2.0, security, code | comments >>

Tue Apr 21 23:10:54 CEST 2009

quick antispam script

The concept of "this link kills spam" is nice, but has an obvious disadvantage: any sophisticated spammer will quickly blacklist the site. Inclusion from a publicly known site will therefore not work for long, which is sad, since the original idea is rather intriguing.
N.b.: any harvester will look up MX records and quickly find out about the nonexistence of these random addresses before even trying to send anything. But, still, if there are enough addresses fed this will take quite some processing time.

You'll need to generate the list on your own to really make it work for real-world harvesters. Here's some quick public domain PHP source you could use which produces more or less the same content:

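<?php
# very quick antispam by iso from kapsobor
# Prints 30-50 lines of random, non-existent .com addresses, each prefixed
# with a phrase that address harvesters typically look for.
$phrases = array(
    "contact us at ", "please write to us via ", "my email address is ",
    "contact: ", "mailto:", "email address is", "please write to",
    "send mail to", "NOSPAM.", "STOP.SPAM.",
);
$lines = rand(30, 50);                # pick the line count once, not on every iteration
for ($i = 0; $i < $lines; $i++) {
    $email = "";
    # 10 random lowercase letters for the local part
    for ($j = 0; $j < 10; $j++) { $email .= chr(97 + rand(0, 25)); }
    $email .= "@";
    $domainLen = 14 + rand(0, 4);     # 14-18 random lowercase letters for the domain
    for ($j = 0; $j < $domainLen; $j++) { $email .= chr(97 + rand(0, 25)); }
    # rand() is inclusive on both ends, so the highest valid index is count - 1
    print $phrases[rand(0, count($phrases) - 1)] . "$email.com\n";
}
?>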

for moar pieces of information consult one of the following email addresses .. ;)
contact: tituopzeki@kwiqzlbxivcgrwh.com
send mail toberjgiygxj@yhvotpkmsptcaaj.com
xybtpqcjjr@tmvpxijzchhmwdme.com
NOSPAM.guvwasfisp@seokbrprcidodgyoc.com
send mail toidlkpdpeag@cxikdopdmaepsetmq.com
email address iskbgnsvciff@spgkmbwvdkphefic.com
wtlhqykrhg@dhjxqzfbpdyunp.com
STOP.SPAM.jcwqlfzibq@boleimgsiygbmwje.com
contact: zjydxhqkmw@flujsidjintaunu.com
send mail toftdzkmvdse@voqactsnwfdakyf.com
[..]


Posted by iso | Permanent Link | Tags: warez, php, code | comments >>

Thu Mar 12 13:46:38 CET 2009

tgtpd - a telegraph transfer protocol daemon

Closing a gap that has existed for far too long, I hereby announce the existence of tgtpd, a telegraph transfer protocol daemon.

You can transfer text and even binary data by using morse-code.

The source code is available at tgtp://blog.kapsobor.de/tgtpd.pl - in case your lame browser does not support tgtp yet, you might make use of a small tgtp-client called tget [download tget]

You should try, e.g., calling
chmod +x tget
./tget tgtp://blog.kapsobor.de/ > index.html

and even
./tget tgtp://blog.kapsobor.de/logo.png > logo.png
will or should work.

Running your own tgtpd is pretty straightforward:
just put tgtpd.pl into any directory, create a directory called tgtpdocs in there, then run for example
perl tgtpd.pl >> tgtpd.log 2>&1 &
- and everything in the tgtpdocs-directory will be accessible via tgtp (port 7070 by the way) - as long as its filename is all lowercase and has no characters not available in common morse code :).

The morse code is only slightly extended to be able to transfer binary data. The protocol might come in handy in case you can only transfer two different bytes (or, in the current implementation, three..) and still want to comfortably serve files.
And, of course, you could always connect it to a real telegraph and use that to serve some html...


Posted by iso | Permanent Link | Tags: mumbo jumbo, crazy, nerd stuff | comments >>