Author: Voxel@Night

Stored XSS in WP Photo Album Plus 5.4.5

There is a (relatively minor) stored XSS vulnerability in WP Photo Album Plus (WPPA) 5.4.5. WPPA maintains its own error log. When this error log is viewed through the web interface, its output is not sanitized. Regular users who have the ability to upload files to photo galleries can cause arbitrary data to be written to the log file. An easy way to demonstrate this is to upload a zip file containing a file named:

<img src="ff" onerror="alert('xss');">

When you try to import the contents of the zip file, it produces an error containing the malicious file name, and that error is logged. Things aren’t escaped properly on the upload/import pages either, so the JavaScript runs right after the import attempt. The lack of proper sanitization on these pages results in a reflected XSS vulnerability as well, but double and single quotes are escaped with backslashes, so you may need to fiddle with it a bit to get it to do something useful.

http://wptestbox1.dev/wordpress/wp-admin/admin.php?page=wppa_import_photos&zip=<img src="ff" onerror=alert(0);>.zip


Manually Starting or Stopping a RAID check in Linux

If you want to manually start or stop a RAID consistency check in Linux it’s quite simple.

Starting a check on md0:

root@desktop:~# echo check > /sys/block/md0/md/sync_action

Stopping a check on md0:

root@desktop:~# echo idle > /sys/block/md0/md/sync_action

If you’re using Debian (or a Debian based distro, e.g. Ubuntu), there is a script to do this.
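The same two echo commands wrapped in a few checks, as an added example that is not from the original post: it assumes the md sysfs layout the post uses (/sys/block/mdN/md/sync_action, plus the sync_completed and mismatch_cnt attributes that sit next to it) and adds a MD_SYSFS_ROOT variable of its own so the functions can be tried against a constructed fake tree before they touch a real array.

```shell
#!/bin/sh
# Added example, not from the original post: the two echo commands wrapped in
# small functions that refuse to start a check on a busy array and report what
# a finished check found. MD_SYSFS_ROOT is this script's own knob so it can be
# exercised against a constructed fake sysfs tree; on a real box leave it at
# /sys/block and run as root.

MD_SYSFS_ROOT=${MD_SYSFS_ROOT:-/sys/block}

# Print the md sysfs directory for an array name such as md0, or fail.
md_dir() {
    dir="$MD_SYSFS_ROOT/$1/md"
    if [ ! -f "$dir/sync_action" ]; then
        echo "$1: no md array under $MD_SYSFS_ROOT" >&2
        return 1
    fi
    printf '%s\n' "$dir"
}

# Same as: echo check > /sys/block/md0/md/sync_action, but only when the array
# is idle, so a running resync or recovery is never cut short by a mere check.
md_check_start() {
    dir=$(md_dir "$1") || return 1
    action=$(cat "$dir/sync_action")
    if [ "$action" != "idle" ]; then
        echo "$1: array is busy ($action); not starting a check" >&2
        return 1
    fi
    echo check > "$dir/sync_action"
}

# Same as: echo idle > /sys/block/md0/md/sync_action
md_check_stop() {
    dir=$(md_dir "$1") || return 1
    echo idle > "$dir/sync_action"
}

# One-line status: current action, progress (sync_completed reads
# "sectors / total" while running and "none" when idle) and the mismatch_cnt
# left behind by the last check.
md_check_status() {
    dir=$(md_dir "$1") || return 1
    action=$(cat "$dir/sync_action")
    progress=$(cat "$dir/sync_completed" 2>/dev/null || echo none)
    mismatches=$(cat "$dir/mismatch_cnt" 2>/dev/null || echo 0)
    printf '%s action=%s progress=%s mismatch_cnt=%s\n' \
        "$1" "$action" "$progress" "$mismatches"
}

# Exit status 0 only when the last check recorded no mismatches, so this can
# drive a monitoring alert from cron.
md_check_clean() {
    dir=$(md_dir "$1") || return 1
    [ "$(cat "$dir/mismatch_cnt" 2>/dev/null || echo 0)" -eq 0 ]
}
```

On a real system run it as root with MD_SYSFS_ROOT unset. The mismatch count is the part worth watching: a check that finishes with mismatch_cnt above zero means the mirrors or parity no longer agree and deserves a look (RAID1/RAID10 arrays that hold swap are known to report benign mismatches). On Debian-based systems the script the post refers to is /usr/share/mdadm/checkarray, which performs the same sysfs write.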


Getting progress from dd

Just a real quick post on how to get progress updates from dd.

The dd command normally doesn’t display any progress updates when you run it.

In order to get dd to print out its current progress, send the USR1 signal to the dd process.

Step 1: Start dd.

username@desktop:~$ dd if=/dev/random of=outfile 

Step 2: Get the PID (Process ID) of dd.

username@desktop:~$ ps a
  PID TTY      STAT   TIME COMMAND
-- snip --
 9158 pts/30   S+     0:00 dd if=/dev/random of=outfile
 9187 pts/31   R+     0:00 ps a
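The whole procedure run unattended, as an added example that is not part of the original post: it assumes GNU coreutils dd on Linux (BSD and macOS dd report on SIGINFO instead), feeds dd a constructed input through a named pipe so it stays alive long enough to be signalled, and takes the PID from the shell's $! instead of scanning ps a.

```shell
#!/bin/sh
# Added example, not from the original post: drive the USR1 trick end to end.
# Assumes GNU coreutils dd on Linux (BSD/macOS dd uses SIGINFO instead).

# Start dd on a deliberately slow input, signal it twice while it is still
# running, then print its stderr transcript: two progress reports plus the
# usual summary dd prints when it finishes.
dd_progress_report() {
    seconds=${1:-4}
    tmp=$(mktemp -d)
    fifo="$tmp/in"
    log="$tmp/dd.log"
    mkfifo "$fifo"

    # Feeder: writes one constructed sample line, then holds the pipe open so
    # dd sits in read() long enough for the signals to arrive.
    ( printf 'constructed sample input\n'; sleep "$seconds" ) > "$fifo" &

    # Step 1: start dd. Its progress lines go to stderr, captured in $log.
    dd if="$fifo" of=/dev/null 2>"$log" &
    # Step 2: the PID of the dd we just started (no need to scan ps a).
    pid=$!

    # Step 3: SIGUSR1 asks dd to print records in/out and bytes copied so far.
    sleep 1
    kill -s USR1 "$pid"
    sleep 1
    kill -s USR1 "$pid"

    wait "$pid"
    cat "$log"
    rm -rf "$tmp"
}

# Number of reports dd produced: one per signal plus the one at exit.
count_reports() {
    dd_progress_report 4 | grep -c 'records in'
}
```

The signal name matters: kill with no -s sends TERM and simply ends the copy, leaving a partial image behind, which is the last thing you want mid-way through imaging a disk. Newer coreutils (8.24 and later) also accept status=progress on the dd command line, which prints the same figures continuously; USR1 is still what you have when you forgot to pass it.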


Free Email Hosting with Zoho

If you’ve ever tried to set up your own mail server, you know it can be a pain in the ass.

A lot of hosting companies offer free email forwarding and this may work fine for you, but if you want a separate mailbox (or several) you either need your own mail server or you need to get someone else to host it for you. Google used to offer free email hosting (i.e. Gmail, but with your own domain name), but stopped offering this for free in 2012. Outlook (from Microsoft) stopped allowing new sign-ups with your own domain name too.

Fortunately, Zoho offers free email hosting (and paid plans, of course). As of the time of writing, they offer free email hosting for 10 users, 5GB per user.


Microsoft TechNet Evaluation Center

Have you ever wanted to mess around with a copy of Windows Server 2012, Exchange Server, SQL Server, or some other Microsoft product targeted at businesses?

You can download fully functional copies of Windows Server, Windows 7, Windows 8, Exchange, SQL Server, Office, and a shitload more for free from Microsoft’s own website.
