play page 2 - Dave's Blog


Search

Natural Selection

2012 Sep 6, 6:45

Classic 2d space shooter except you are fighting the ghosts of previous players. Your play through is replayed as an enemy against future players. Also, written in HTML/JS

PermalinkCommentsgame video-game neat html justin-rogers

Stripe CTF - Input validation (Levels 1 & 2)

2012 Sep 6, 5:00

Stripe's web security CTF's Level 1 and level 2 of the Stripe CTF had issues with missing input validation solutions described below.

Level 1

Code

          $filename = 'secret-combination.txt';
extract($_GET);
if (isset($attempt)) {
$combination = trim(file_get_contents($filename));
if ($attempt === $combination) {

Issue

The issue here is the usage of the extract php method which extracts name value pairs from the map input parameter and creates corresponding local variables. However this code uses $_GET which contains a map of name value pairs passed in the query of the URI. The expected behavior is to get an attempt variable out, but since no input validation is done I can provide a filename variable and overwrite the value of $filename. Providing an empty string gives an empty string $combination which I can match with an empty string $attempt. So without knowing the combination I can get past the combination check.

Notes

Code review red flag in this case was the direct use of $_GET with no validation. Instead of using extract the developer could try to extract specifically the attempt variable manually without using extract.

Level 2

Code

    $dest_dir = "uploads/";
$dest = $dest_dir . basename($_FILES["dispic"]["name"]);
$src = $_FILES["dispic"]["tmp_name"];
if (move_uploaded_file($src, $dest)) {
$_SESSION["dispic_url"] = $dest;
chmod($dest, 0644);
echo "

Successfully uploaded your display picture.

";
}

Issue

This code accepts POST uploads of images but with no validation to ensure it is not an arbitrary file. And even though it uses chmod to ensure the file is not executable, things like PHP don't require a file to be executable in order to run them. Accordingly, one can upload a PHP script, then navigate to that script to run it. My PHP script dumped out the contents of the file we're interested in for this level:


Notes

Code review red flags include manual file management, chmod, and use of file and filename inputs without any kind of validation. If this code controlled the filename and ensured that the extension was one of a set of image extensions, this would solve this issue. Due to browser mime sniffing its additionally a good idea to serve a content-type that starts with "image/" for these uploads to ensure browsers treat these as images and not sniff for script or HTML.

PermalinkCommentsinput-validation php security technical

Stripe Web Security CTF Summary

2012 Aug 30, 5:00

I was the 546th person to complete Stripe's web security CTF and again had a ton of fun applying my theoretical knowledge of web security issues to the (semi-)real world. As I went through the levels I thought about what red flags jumped out at me (or should have) that I could apply to future code reviews:

Level Issue Code Review Red Flags
0 Simple SQL injection No encoding when constructing SQL command strings. Constructing SQL command strings instead of SQL API
1 extract($_GET); No input validation.
2 Arbitrary PHP execution No input validation. Allow file uploads. File permissions modification.
3 Advanced SQL injection Constructing SQL command strings instead of SQL API.
4 HTML injection, XSS and CSRF No encoding when constructing HTML. No CSRF counter measures. Passwords stored in plain text. Password displayed on site.
5 Pingback server doesn't need to opt-in n/a - By design protocol issue.
6 Script injection and XSS No encoding while constructing script. Deny list (of dangerous characters). Passwords stored in plain text. Password displayed on site.
7 Length extension attack Custom crypto code. Constructing SQL command string instead of SQL API.
8 Side channel attack Password handling code. Timing attack mitigation too clever.

More about each level in the future.

PermalinkCommentscode-review coding csrf html internet programming script security sql stripe technical web xss

Eyeo2012 - Robert Hodgin Robert Hodgin presents various 3D...

2012 Jul 18, 8:39


Eyeo2012 - Robert Hodgin

Robert Hodgin presents various 3D animation projects in a humorous fashion.

PermalinkComments3d animation humor video programming

wired: cnet: Mp3 playing retainer transmits music through your...

2012 Jul 3, 2:31




wired:

cnet:

Mp3 playing retainer transmits music through your teeth:

Bone conduction audio, retainers, and shiny hip-hop teeth grills aren’t new inventions, but tech hacker Aisen Caro Chacin had the clever idea to put them all together.

The Play-A-Grill MP3 player prototype fits in your mouth like a retainer, shines on the outside like a precious metal rap grill, and plays music through bone conduction through your teeth.

Read more

Oh man, this would have made puberty just a touch cooler. Maybe. 

PermalinkCommentshumor mp3 tech

ifc: This week on Comedy Bang! Bang! - Michael Cera!

2012 Jun 27, 3:38


ifc:

This week on Comedy Bang! Bang! - Michael Cera!

PermalinkCommentshumor comedy-bang-bang michael-cera video

“Fuck You, Pay Me” is a talk on contracts, payments,...

2012 Jun 25, 2:06


Fuck You, Pay Me” is a talk on contracts, payments, etc. for free-lance designers.

PermalinkCommentsbusiness web-desgin video technical

Microsoft Surface: a gentle kick in the teeth of the OEMs | Ars Technica

2012 Jun 25, 12:59

But if Surface is aimed at the OEMs—telling them “we can do this just as well as you can, if we have to”—and setting them a challenge—”your tablets have to be at least this good”—then the limited availability isn’t necessarily such a big deal. As long as the OEMs heed the warning and raise their game, so that Redmond can be assured that bad hardware won’t jeopardized Windows 8’s success, Microsoft could safely keep Surface operating as a small-scale operation, playing the Nexus role without upsetting the PC market.

PermalinkCommentstechnical surface win8 windows windows8 business

“Hey Pass Me a Beer” in the same vein as the...

2012 Jun 21, 2:55


“Hey Pass Me a Beer” in the same vein as the HIGH-FIVE! montages.

PermalinkCommentshumor video beer

The amazing powers of CSS

2012 Jun 20, 3:32

Some fun CSS things including the following:

head { display: block; border-bottom: 5px solid red; }

script, style, link { display: block; white-space: pre; font-family: monospace; }

script:before { content: “”; }

PermalinkCommentscss technical html

(via Parody Tech Startup Explainer Video for Vooza)

2012 Jun 7, 3:04


(via Parody Tech Startup Explainer Video for Vooza)

PermalinkCommentshumor startup buzzword vooza video web

Ready Player One Easter Egg Hunt - Contest Announcement (by...

2012 Jun 5, 8:32


Ready Player One Easter Egg Hunt - Contest Announcement (by ernestcline)

PermalinkCommentsready-player-one video ernest-cline book easter-egg video-game delorean

Line Simplification

2012 Jun 3, 12:47

Neat demo of Visvalingam’s line simplification algorithm in JavaScript applied to a map of the US.

To simplify geometry to suit the displayed resolution, various line simplification algorithms exist. While Douglas–Peucker is the most well-known, Visvalingam’s algorithm may be more effective and has a remarkably intuitive explanation: it progressively removes points with the least-perceptible change.

PermalinkCommentsline-simplification demo technical javascript

Jet Set Radio HD coming soon with awesome soundtrack...

2012 Jun 1, 2:55


Jet Set Radio HD coming soon with awesome soundtrack promised. Exciting!

PermalinkCommentsjet-set-radio video-game game video music xbox

ECCC 2012: Star Wars Trilogy: The Radio Play - Official Video...

2012 May 25, 1:29


ECCC 2012: Star Wars Trilogy: The Radio Play - Official Video (by emeraldcitycomicon)

Star Wars as read by voice actors in the voices of their famous roles: Bender, Stimpy, Morbo, Bubbles, Batman, and and and…

PermalinkCommentshumor video voice-acting bender billy-west star-wars

Video

2012 May 23, 3:53


PermalinkCommentshumor parking app android phone

Play Fez

2012 May 7, 3:30

I'm done playing Fez. The style is atmospheric retro nastalgia and on the surface the gameplay is standard 2D platformer with one interesting Flatland style game mechanic but dig deeper to find Myst style puzzles. Despite the following I thoroughly enjoyed the game and would recommend it to anyone intrigued by the previous. Five eighths through the game I ran into one of the game's infamous Fez save game breaking issues, but I enjoyed the game enough that I started over before any patches were released and had no further issues.

While playing the game I created some tools to help keep track of my Fez notes (spoilers) including a Pixelated Image Creator that makes it easy to generate data URIs for large, black and white pixelated images, and (spoilers) a Fez Transliteration Tool to help me translate the in-game writing system.

PermalinkCommentsvideo-game fez game xbox

Another Comedy Bang Bang preview clip this time with Zach...

2012 Apr 18, 6:02


Another Comedy Bang Bang preview clip this time with Zach Galifianakis.

PermalinkCommentszach-galifianakis comedy-bang-bang video humor preview scott-aukerman tv clip

Free Universal Construction Kit is a set of 3D models you can...

2012 Mar 19, 4:05


Free Universal Construction Kit is a set of 3D models you can print on a 3D printer that allow you to connect Lego to Duplo to Lincoln Logs, etc.

PermalinkCommentstoy video 3d-printer

paulftompkins: shahruz: Promo on IFC for the upcoming Comedy...

2012 Feb 29, 10:13
[Flash 10 is required to watch video.]

paulftompkins:

shahruz:

Promo on IFC for the upcoming Comedy Bang Bang TV show!!!

BE EXCITED.

I am excited Paul.

PermalinkCommentshumor video comedy-bang-bang
Older EntriesNewer Entries Creative Commons License Some rights reserved.