ozinisle: November 2012

Thursday, November 22, 2012

I understand that there are some tools like Nessus and Nikto that would help detect such attacks. I have no idea about them though. Just came across these stuffs and hence though of sharing the same.

Following is a shame less copy and paste. Again just wanted to share what I read.

How to Protect Yourself

The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet.

Also, it's crucial that you turn off HTTP TRACE support on all webservers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported on the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user's cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all webservers.

The OWASP ESAPI project has produced a set of reusable security components in several languages, including validation and escaping routines to prevent parameter tampering and the injection of XSS attacks. In addition, the OWASP WebGoat Project training application has lessons on Cross-Site Scripting and data encoding.

And I guess you can get more ideas on the possible ways by which you can be exploited in http://ha.ckers.org/xss.html.

Hope this helps :)

XSS Cross-site scripting makes me worry

The concept of cross site scripting rang a bell inside me a long time ago. I was kind of wary about it and I even learnt to perform it. Hey I am not a hacker, dont start getting ideas already. Its just that I am curious and feel very happy to experiment stuffs the safe way as most of us prefer to do. Recently I came across a nice post about it in https://www.owasp.org/index.php/Cross-site_Scripting_(XSS).

It was very informative and very useful. I am getting newer ideas even when I am typing this one down. All stuffs posted in the site are basic and clean, but opens up my mind to a lot of potentially harzardous methods, if employed by some one against my sites, would be a massacre.

By my thoughts some of the stuffs that bothers me about how XSS may affect us are

1.
<html>
<body>

<? php
print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);
?>

</body>
</html>

2.
http://testsite.test/<script>alert("TEST");</script>

3.<%...
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("select * from emp where id="+eid);
if (rs != null) {
rs.next();
String name = rs.getString("name");
%>

Employee Name: <%= name %>
where name can be an XSS Hack

You can steal user session cookie etc.. and a lot more of such examples can be made

Most of the times when I am into serious mind wrecking program issues, all I would need was one loop hole, however small it may be, and I would fix the issues. I will just get what ever I want out of it.

All I did here was 10 minutes of thinking about what can I do with XSS. And I already got a lot of options.

Worst case, if I could understand a browser, which I definelty can if I spend a couple of months may be, I my self can do idiotic stuffs. So what can a full time hacker be capable of. Hope I dont get a cyber attack. This is scary

Saturday, November 17, 2012

Alert box issues in Sencha Touch 2

I believe there is an issue with the Ext.Msg.alert() dialog in chrome right from the first version of the Sencha Touch. However there were css hacks that have been posted in various forums to handle them.

My point is it only has issues with Chrome and not with safari and I believe mobile devices dont use chrome yet. So I just had this tought running in my head.

Just leave it and get on with your work unless u think, it will keep bothering you. :)

Enable/Disable USB Ports

I had a sudden thought on doing things the hard way. So I just wanted to do something that will be done other than the ordinary way. And thats how I ended up with tampering my USB ports. I really hate simple access restrictions :P
After all its is very useful. I found the following stuff which partially worked.

“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR”

Right Click “Start” and Click modify

To enable USB ports: change the value from “4″ to “3″
To disable USB ports: change the Value for “3″ to “4″

I got to admit. I am dumb to have expected this to save me. But atleast I learnt something :)

List of all xtypes in Sencha Touch 2

List of all xtypes
# xtype Class

1 actionsheet Ext.ActionSheet
2 audio Ext.Audio
3 button Ext.Button
4 component Ext.Component
5 container Ext.Container
6 image Ext.Img
7 label Ext.Label
8 loadmask Ext.LoadMask
9 map Ext.Map
10 mask Ext.Mask
11 media Ext.Media
12 panel Ext.Panel
13 segmentedbutton Ext.SegmentedButton
14 sheet Ext.Sheet
15 spacer Ext.Spacer
16 title Ext.Title
17 titlebar Ext.TitleBar
18 toolbar Ext.Toolbar
19 video Ext.Video
20 carousel Ext.carousel.Carousel
21 carouselindicator Ext.carousel.Indicator
22 navigationview Ext.navigation.View
23 datepicker Ext.picker.Date
24 picker Ext.picker.Picker
25 pickerslot Ext.picker.Slot
26 slider Ext.slider.Slider
27 thumb Ext.slider.Thumb
28 tabbar Ext.tab.Bar
29 tabpanel Ext.tab.Panel
30 tab Ext.tab.Tab
31 viewport Ext.viewport.Default

DataView Components
---------------------------------------------
32 dataview Ext.dataview.DataView
33 list Ext.dataview.List
34 listitemheader Ext.dataview.ListItemHeader
35 nestedlist Ext.dataview.NestedList
36 dataitem Ext.dataview.component.DataItem
37
Form Components
---------------------------------------------
38 checkboxfield Ext.field.Checkbox
39 datepickerfield Ext.field.DatePicker
40 emailfield Ext.field.Email
41 field Ext.field.Field
42 hiddenfield Ext.field.Hidden
43 input Ext.field.Input
44 numberfield Ext.field.Number
45 passwordfield Ext.field.Password
46 radiofield Ext.field.Radio
47 searchfield Ext.field.Search
48 selectfield Ext.field.Select
49 sliderfield Ext.field.Slider
50 spinnerfield Ext.field.Spinner
51 textfield Ext.field.Text
52 textareafield Ext.field.TextArea
53 textareainput Ext.field.TextAreaInput
54 togglefield Ext.field.Toggle
55 urlfield Ext.field.Url
56 fieldset Ext.form.FieldSet
57 formpanel Ext.form.Panel

Problem downloading Microsoft Powerpoint 2007 document from domino server 8.5

A while ago I was presented with a seemingly trival and strange issue. The issue stated something like, a user was able to download a .pptx file from a domino website and when opened it is always blank, were as other users were able to download the .pptx file and view its contents with out issues. I thought to my self, am I an astrologer and have I sinned enough to be tested with such an issue that if I would like to get serious about it, I might laugh my self to de***.

Yes it was funny, and I did all sorts of checking like is the user trying to preview the file on lotus notes which I knew would fail or does the user's machine really have Microsoft office installed and many such tests came back negative. I knew I am approaching/at the verge of the dangerous scenario - "Laughing myself to de***", i.e. get serious.

Know what?, I did really found something serious. Once again I am humbly reminded that one can never know everything.

It is a kind of a well known bug which was well documented as well. A rare phenominan with IBM lol. :P
http://www-01.ibm.com/support/docview.wss?uid=swg21412063

It helped me find something that I was looking for a long time, a list of all the commonly used mime type. Wonderful:O..

The abstract of what I understood from the documentation is as follows
In some cases, the browser identifies the attachment as a zip file.

Symptom : The user may be prompted to download the file locally, even though the file type is associated with the correct application in their browser.

Cause : This issue occurs because the MIME types for Microsoft Office 2007 formats are not listed in the Web Server metabase on the Domino server (httpd.cnf).

Currently, when a HTTP request is made for an unknown file type, the server returns a Content-Type of "application/octet-stream" in the response, instead of the appropriate Office 2007 MIME type.

Resolving the problem
This issue is now fixed in Lotus Notes and Domino 8.5.1 FP4 and 8.5.2.

Fix details: SPR# JBEN7WRHM7

Refer to the Upgrade Central site for details on upgrading Notes/Domino.

To resolve the issue in a previous release, IBM recommends performing the following actions to add the Office 2007 MIME types to your current Web Server metabase (httpd.cnf):

1) Shutdown the HTTP process by issuing the following command on the Domino server console: tell http quit

2) Open the httpd.cnf file (located in the Domino Data directory) using a text editor, such as Notepad. In order to edit this type of file on most operating systems, it will be necessary to launch the editor first and then open using the file menu from within the editor.

3) Copy the Office 2007 MIME types below and paste them into the httpd.cnf file (Note: When inserted, each line below should begin with either the hash symbol "#" or "AddType")

#
# Microsoft Office 2007 formats
#
AddType .docx application/vnd.openxmlformats-officedocument.wordprocessingml.document
AddType .dotx application/vnd.openxmlformats-officedocument.wordprocessingml.template
AddType .xlsx application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
AddType .xltx application/vnd.openxmlformats-officedocument.spreadsheetml.template
AddType .pptx application/vnd.openxmlformats-officedocument.presentationml.presentation
AddType .potx application/vnd.openxmlformats-officedocument.presentationml.template
AddType .ppsx application/vnd.openxmlformats-officedocument.presentationml.slideshow

Note: The above list only includes the most commonly used Office 2007 MIME types. For a complete list of the document types addressed by SPR # JBEN7WRHM7 (including other extensions that may be needed in your environment), please refer to the following Microsoft documentation:
http://blogs.msdn.com/b/vsofficedeveloper/archive/2008/05/08/office-2007-open-xml-mime-types.aspx

4) Restart the HTTP task by issuing the following command on the Domino server console: load http

ozinisle

Pages