Showing posts from July, 2012

Eval is Evil

Why? Because Kizano said so... Here are some examples I've seen in live code that just do not work (1-line each):

    $success = eval('?>' . $_GET['a']);
    eval("$my_obj->$key = $other_obj->$some_value");

I'm really surprised at some people. Do they not see the glaring a=<?php system("rm -Rf /"); in their URL? Just keep things easy on yourself and use this instead:

    $success = (string)$_GET['a'];
    $my_obj->$key = $other_obj->$some_value;

That way you don't give me a heart attack when I see you vulnerable to the most basic PHP exploit... Remember, PHP is smart enough to do what you want, but the real question is: are you l33t enough to write it? Eval is Evil! EOF
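Here is the same idea carried a step further, as an added example that is not code from the post: the request parameter is treated as data and validated, and the "assign one property from another" line is done with PHP's own dynamic property syntax behind an allowlist of property names, so no string is ever handed to eval(). The class `Config`, the constant `ALLOWED_KEYS`, the functions `assignField()` and `readAction()` and the `$request` array are assumptions made for the example (PHP 7.4+ for typed properties).

```php
<?php
// Added example, not from the post. Config, ALLOWED_KEYS, assignField(),
// readAction() and $request are assumptions made for this demonstration.

declare(strict_types=1);

class Config
{
    public string $title = '';
    public string $theme = 'default';
}

// The only property names that may be chosen at runtime. Anything else is
// rejected rather than interpreted, which is what eval() would have done.
const ALLOWED_KEYS = ['title', 'theme'];

/**
 * Replacement for eval("$my_obj->$key = $other_obj->$some_value"):
 * copy $source->$sourceKey into $target->$key by name, without eval().
 * Returns false when either name is outside the allowlist.
 */
function assignField(object $target, string $key, object $source, string $sourceKey): bool
{
    if (!in_array($key, ALLOWED_KEYS, true) || !in_array($sourceKey, ALLOWED_KEYS, true)) {
        return false;
    }
    // Dynamic property access does exactly what the eval string was trying to do.
    $target->$key = $source->$sourceKey;
    return true;
}

/**
 * Replacement for $success = eval('?>' . $_GET['a']): the value is a string,
 * so cast it and constrain it to a known alphabet. A PHP tag, quotes or
 * whitespace in the parameter simply fail the match and are never executed.
 */
function readAction(array $request): string
{
    $a = isset($request['a']) ? (string) $request['a'] : '';
    return preg_match('/^[a-z0-9_-]{1,32}$/', $a) === 1 ? $a : '';
}

// Constructed inputs standing in for $_GET; the first mirrors the shape of
// the URL in the post, the second is a legitimate value.
$request = ['a' => '<?php echo 1;'];
var_dump(readAction($request));   // rejected: empty string, nothing executed
$request = ['a' => 'save'];
var_dump(readAction($request));

$src = new Config();
$src->theme = 'dark';
$dst = new Config();
var_dump(assignField($dst, 'theme', $src, 'theme'));          // allowed name
var_dump(assignField($dst, 'password_hash', $src, 'theme'));  // not in allowlist
var_dump($dst);
```

The allowlist is the important part: `$obj->$key` is safe only because `$key` can no longer be anything the client chooses, and a property name that is not in the list is refused instead of being guessed at.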

Wordpress Securepress Plugin Vulnerability

While looking around in a Wordpress install, I found this little gem:

    line 2218: $back = isset($_POST['back']) ? $_POST['back'] : null;
    line 2349: <input type="button" value="Cancel" onclick="eval(\'memos.\'+\''.addcslashes($back,"'").'\')" />

$back is never properly escaped for JS... They should use json_encode instead. I can inject arbitrary JavaScript into a POST request for the "back" parameter and have it come out in your browser. Tested on plugin version 8.4.01.

-0xKizano
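As an added example (not the plugin's code), here is the vulnerable rendering from the post reproduced beside a hardened version. The hardened one goes a little beyond "use json_encode": it first requires `$back` to be a plain identifier (it is used as a member name, after all), then emits a JS string literal with json_encode() and the JSON_HEX_* flags so the literal contains no quote, `<`, `>` or `&`, then runs htmlspecialchars() for the attribute context, and finally looks the member up with `memos[...]` instead of eval(). The function names `renderCancelVulnerable()` and `renderCancelSafe()`, and the assumption that the handler invokes `memos.<name>` as a function, are mine.

```php
<?php
// Added example, not the plugin's code. renderCancelVulnerable(),
// renderCancelSafe() and the "memos[name] is a function" assumption are mine.

declare(strict_types=1);

/**
 * Shape of line 2349 in the post, kept only for comparison. addcslashes()
 * with "'" escapes single quotes and nothing else: a backslash or a double
 * quote in $back still reaches the JS string and the HTML attribute as-is,
 * and eval() then executes whatever the string became.
 */
function renderCancelVulnerable(?string $back): string
{
    return '<input type="button" value="Cancel" onclick="eval(\'memos.\'+\''
        . addcslashes((string) $back, "'") . '\')" />';
}

/**
 * Hardened rendering. Returns null when $back is not an identifier so the
 * caller can fall back to a default instead of emitting a guessed value.
 */
function renderCancelSafe(?string $back): ?string
{
    if ($back === null || preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $back) !== 1) {
        return null;
    }

    // JS string literal that cannot contain attribute- or tag-breaking bytes.
    $name = json_encode($back, JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_TAG | JSON_HEX_AMP);

    // Member lookup replaces eval(); invoking it is the assumed intent.
    $js = 'var f = memos[' . $name . ']; if (typeof f === "function") { f(); }';

    // The handler lives inside a double-quoted attribute, so encode for that
    // context too. The browser decodes entities before running the handler.
    return '<input type="button" value="Cancel" onclick="'
        . htmlspecialchars($js, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed inputs: a legitimate member name and a value carrying a quote.
foreach (['cancel', "not an identifier'"] as $back) {
    $html = renderCancelSafe($back);
    echo $back, ' => ', $html === null ? 'rejected' : $html, PHP_EOL;
}
```

Two contexts have to be satisfied at once here, JavaScript string and HTML attribute, and the original code escaped for neither completely. Validating the value as an identifier up front means the encoding steps are belt and braces rather than the only line of defence.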

apt-get update; GPG Unverified Signature

So, you added a new thing to your /etc/apt/sources.list (or, if you're smarter than most, you created your own file in /etc/apt/sources.list.d/<new-source>.list), then you go to update Aptitude, and you get the following message:

    root@localhost:~# apt-get update
    ...
    W: GPG error: revolution Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB6DA34B475A6B7F

This is all fine and dandy - I can just go to the site and look for their key and install that, right? No? They don't just give me the key?! Then your packages will always be unverified and I'll be open to an exploit that allows the install of arbitrary third-party packages! Oh noes! D: Whatever shall we do? Never fear - there's a way to get that key and turn it into something apt-get can use and stop complaining about that error. Checkout apt-get-key, which is a quick script that