Monthly Archives: August 2014

The Many Animals of Linux – AKA WTF is a ‘Trusty Tahr’? – Part 1

Have you ever heard about a new Ubuntu release and wondered what a tahr or pangolin is? I know I have. Every Ubuntu release is given a codename that consists of an adjective and an animal name. A few other distros have also had releases that reference animals.

I’ve scoured the Internet (by that I mean Wikipedia) to find information about these animals. I’ve picked out just the most interesting bits and paired them with pretty pictures. Let’s get started.

Ubuntu 4.10 – Warty Warthog


Note: does not appear to have warts

Warthogs are a member of the pig family and live in Africa. You may know them from The Lion King.


CSRF in Disqus WordPress Plugin v2.77

There are several cross site request forgery vulnerabilities in the Disqus WordPress Plugin, version 2.77. Let’s start with the technical details, then I’ll get to the commentary.

Three settings in the admin interface lack nonces. By exploiting this you can activate or deactivate the plugin, and import or export comments between your WordPress database and Disqus. Example URLs:

http://wptestbox1.dev/wordpress/wp-admin/edit-comments.php?page=disqus&active=0
http://wptestbox1.dev/wordpress/wp-admin/index.php?cf_action=export_comments&post_id=0&timestamp=1408220878.213
http://wptestbox1.dev/wordpress/wp-admin/index.php?cf_action=import_comments&last_comment_id=0&wipe=1

These are all just simple GET requests. There is nothing terribly interesting in the plugin’s code related to this. It is just the simple lack of a nonce (for GET requests).
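To make the fix concrete, here is an added example written in the shape of a WordPress admin handler. It is not the Disqus plugin's code, and the function, option and action names (wpx_*) are assumptions. It shows the bare-GET pattern the post describes next to a version that requires both a capability and a nonce, plus the helper that issues the nonced link.

```php
<?php
// Added example (not the Disqus plugin's code). All wpx_* names, the option
// name and the 'wpx' page slug are assumptions for illustration.

// --- Vulnerable pattern: a state change driven by a bare GET parameter. ---
// Nothing proves the request came from the plugin's own settings page, so a
// link or <img> on any page a logged-in admin visits can trigger it.
function wpx_handle_toggle_vulnerable() {
    if ( isset( $_GET['active'] ) ) {
        update_option( 'wpx_plugin_active', (int) $_GET['active'] );
    }
}

// --- Hardened pattern: capability check, then nonce check, then the change. ---
function wpx_handle_toggle() {
    // Only act on our own settings page and only when the parameter is present.
    if ( ! isset( $_GET['page'], $_GET['active'] ) || 'wpx' !== $_GET['page'] ) {
        return;
    }
    // 1. Is this user allowed to change plugin settings at all?
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. Was the request generated by a link we issued? check_admin_referer()
    //    reads the _wpnonce query argument, validates it against the action
    //    name (the token is bound to the current user and expires), and calls
    //    wp_die() if it is missing or wrong.
    check_admin_referer( 'wpx_toggle_active' );

    update_option( 'wpx_plugin_active', (int) $_GET['active'] );
}
add_action( 'admin_init', 'wpx_handle_toggle' );

// The settings page must build its link with the matching nonce.
// wp_nonce_url() appends _wpnonce=<token> for the same action name used above.
function wpx_toggle_link( $activate ) {
    $url = add_query_arg(
        array( 'page' => 'wpx', 'active' => $activate ? 1 : 0 ),
        admin_url( 'edit-comments.php' )
    );
    return wp_nonce_url( $url, 'wpx_toggle_active' );
}
```

The same shape applies to the cf_action import and export handlers: each distinct action gets its own nonce action name, and whatever triggers it (a link via wp_nonce_url() or a form via wp_nonce_field()) carries that token. Because the token is tied to the logged-in user and expires, a URL copied onto a third-party page does not validate, which is exactly what the missing check fails to enforce.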


Stored XSS in WP Photo Album Plus 5.4.5

There is a (relatively minor) stored XSS vulnerability in WP Photo Album Plus (WPPA) 5.4.5. WPPA maintains its own error log. When this error log is viewed through the web interface, its output is not sanitized. Regular users that have the ability to upload files to photo galleries can cause arbitrary data to be written to the log file. An easy way to demonstrate this is to upload a zip file containing a file named:

<img src="ff" onerror="alert('xss');">

When you try to import the contents of the zip file, it produces an error containing the malicious file name that is logged. Things aren’t escaped properly on the upload/import pages either, resulting in the js running after the import attempt. The lack of proper sanitization on these pages results in a reflected XSS vulnerability as well, but with double and single quotes escaped with backslashes, so you may need to fiddle with it a bit to get it to do something useful.

http://wptestbox1.dev/wordpress/wp-admin/admin.php?page=wppa_import_photos&zip=<img src="ff" onerror=alert(0);>.zip
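An added illustration of the log-viewer problem, written as a hypothetical plugin fragment rather than WPPA's code; the wpx_* names, the option used for log storage and the line format are assumptions. It contrasts echoing a stored line with escaping it for the HTML context at output time, and applies the same rule to the zip name reflected on the import page.

```php
<?php
// Added example (not WPPA's code). The wpx_* names, the option holding the log
// and the line format are assumptions for illustration.

// Writer: the attacker-controlled value (here a filename taken from an uploaded
// zip) goes into the log unchanged. Storing it verbatim is fine; the log is
// data, and the mistake is made later, when it is rendered.
function wpx_log_error( $message ) {
    $lines   = get_option( 'wpx_error_log', array() );
    $lines[] = gmdate( 'c' ) . ' ' . $message;
    update_option( 'wpx_error_log', $lines );
}

// Vulnerable viewer: echoes each line straight into the admin page, so a name
// such as <img src="ff" onerror="alert('xss');"> becomes live markup in the
// browser of whoever opens the log.
function wpx_render_log_vulnerable() {
    foreach ( get_option( 'wpx_error_log', array() ) as $line ) {
        echo '<li>' . $line . '</li>';
    }
}

// Hardened viewer: escape at the point of output, for the context the data
// lands in. esc_html() turns < > & " ' into entities, so the stored text is
// displayed rather than interpreted.
function wpx_render_log() {
    echo '<ul class="wpx-log">';
    foreach ( get_option( 'wpx_error_log', array() ) as $line ) {
        echo '<li>' . esc_html( $line ) . '</li>';
    }
    echo '</ul>';
}

// The import page has the same bug in a different place: the zip name is
// reflected from the query string. wp_unslash() removes the backslashes that
// WordPress adds to quotes in request data; they are not an HTML encoding.
// Then escape per context: esc_html() for text nodes, esc_attr() inside an
// attribute, esc_url() for href/src values.
function wpx_render_import_notice() {
    $zip = isset( $_GET['zip'] ) ? wp_unslash( $_GET['zip'] ) : '';
    echo '<p>Importing <code>' . esc_html( $zip ) . '</code></p>';
}
```

The backslash-escaped quotes the post notices on the import page come from WordPress slashing request data; that only protects a string literal in JavaScript or SQL, and the value here lands in an HTML text node, so esc_html() is the function that matters. Passing the extracted name through sanitize_file_name() when the zip is unpacked strips characters such as < and > and adds a second layer, but the viewer still has to escape whatever it prints, because older log entries and other writers are not covered by that filter.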


Manually Starting or Stopping a RAID check in Linux

If you want to manually start or stop a RAID consistency check in Linux it’s quite simple.

Starting a check on md0:

root@desktop:~# echo check > /sys/block/md0/md/sync_action

Stopping a check on md0:

root@desktop:~# echo idle > /sys/block/md0/md/sync_action

If you’re using Debian (or a Debian-based distro, e.g. Ubuntu), there is a script to do this.


Getting progress from dd

Just a real quick post on how to get progress updates from dd.

The dd command normally doesn’t display any progress updates when you run it.

In order to get dd to print out its current progress, send the USR1 signal to the dd process.

Step 1: Start dd.

username@desktop:~$ dd if=/dev/random of=outfile 

Step 2: Get the PID (Process ID) of dd.

username@desktop:~$ ps a
  PID TTY      STAT   TIME COMMAND
-- snip --
 9158 pts/30   S+     0:00 dd if=/dev/random of=outfile
 9187 pts/31   R+     0:00 ps a


Free Email Hosting with Zoho

If you’ve ever tried to set up your own mail server, you know it can be a pain in the ass.

A lot of hosting companies offer free email forwarding and this may work fine for you, but if you want a separate mailbox (or several) you either need your own mail server or you need to get someone else to host it for you. Google used to offer free email hosting (i.e. gmail, but with your own domain name), but stopped offering this for free in 2012. Outlook (from Microsoft) stopped allowing new sign ups with your own domain name too.

Fortunately, Zoho offers free email hosting (and paid plans, of course). As of the time of writing, they offer free email hosting for 10 users, 5GB per user.


Microsoft TechNet Evaluation Center

Have you ever wanted to mess around with a copy of Windows Server 2012, Exchange Server, SQL Server, or some other Microsoft product targeted at businesses?

You can download fully functional copies of Windows Server, Windows 7, Windows 8, Exchange, SQL Server, Office, and a shitload more for free from Microsoft’s own website.
