Sunday, April 29, 2007

XSS on Yaari.com



Lots of friendship network sites are coming up these days following the success of Orkut. Another one, supposedly originating from the same Stanford University, is yaari.com, targeted mainly at Indian users. The site looks fine and the functionality seems fine, but it is full of XSS (Cross Site Scripting) holes. Almost all the fields can be bugged.

The only thing that amazes me is that the site is written in PHP. PHP has such a wonderful list of functions that can take care of the XSS problem. I wonder why no one is using them. I guess people are unaware of the XSS problem, or is it that they just underestimate it?

If anyone from the administrative department of Yaari happens to be reading this, please post a comment on "Why have you ignored XSS?"

Thanks, Mr Nobody: XSS is on DesiMartini.com too.

Monday, April 23, 2007

Using PHP for more than HTML

Intro
It is commonly thought that PHP can only be used for making dynamic web pages. Not so. PHP can also be used to make dynamic images (jpg, gif, bmp, png, ...), JavaScript code (js), style sheets (css), XML files and, in advanced cases, PDFs, DOCs, etc.

So how does the browser know the PHP output is a different kind of file?
By default the output of a PHP file is rendered as HTML. The server does not need to recognise the format of the PHP output, i.e. the server doesn't care what the format is. But the browser does. So we have to notify the browser of the Content-Type of the content we are sending it.

This is done by

<?php
// Tell the browser that the body which follows is a JPEG, not HTML.
// Headers must be sent before any output is produced.
header("Content-Type: image/jpeg");
?>

The header function adds or replaces the default headers. Here the default content type (text/html) is replaced by image/jpeg, so in the viewer's browser the output of the PHP file is rendered as an image. Thus
<img src="http://example.com/images/image.php">

would show an image if the code is correct and the image data is valid.

More about returning images
<?php
// Send an existing JPEG from disk as the response body.
header("Content-Type: image/jpeg");
echo file_get_contents("../images/some.jpg");
?>


The above code returns a JPEG, but it is static: every time we see the same some.jpg. The advantage of using PHP to return an image is that you can add an authentication check, i.e. the user must have signed in to view the image. Thus hotlinking is automatically prevented. (Hotlinking is the use of images from one server by another server, e.g. an image on www.example.com displayed on www.elpmaxe.com.)
But precious server resources are also consumed.

Another advantage is being able to return a random image:
<?php
header("Content-Type: image/jpeg");
$files = array("photo0.jpg", "photo1.jpg", "photo2.jpg");
// Pick one of the file names at random (index 0 .. count-1).
$index = rand(0, count($files) - 1);
echo file_get_contents($files[$index]);
?>


Returning an image from scratch
Suppose we want to display an image generated by PHP, say a bar graph or a random code or text segment. Using hundreds of pre-made images is inefficient and time consuming. This is where the GD library comes in.
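An added example (not code from the original post) of drawing a small bar graph with the GD library and sending it as a PNG, instead of keeping one image file per possible chart; the data values are constructed sample data:

```php
<?php
// Added example (not from the original post): render a bar graph with GD
// and send it straight to the browser. $values is constructed sample data.
$values = array(3, 7, 5, 9, 2);
$width  = 220;
$height = 120;
$barGap = 10;

// Blank white canvas plus the colours used for bars and labels.
$im    = imagecreatetruecolor($width, $height);
$white = imagecolorallocate($im, 255, 255, 255);
$blue  = imagecolorallocate($im, 30, 90, 200);
$black = imagecolorallocate($im, 0, 0, 0);
imagefill($im, 0, 0, $white);

// Scale every bar against the largest value so the tallest bar uses the
// full drawable height, leaving 20px at the top for the value labels.
$max      = max($values);
$barWidth = (int) (($width - $barGap) / count($values)) - $barGap;
$drawable = $height - 20;

foreach ($values as $i => $v) {
    $x1   = $barGap + $i * ($barWidth + $barGap);
    $barH = (int) ($drawable * $v / $max);
    $y1   = $height - $barH;
    imagefilledrectangle($im, $x1, $y1, $x1 + $barWidth, $height - 1, $blue);
    imagestring($im, 2, $x1, $y1 - 14, (string) $v, $black);   // label
}

// Content-Type first, then the encoded image; nothing else may be echoed,
// or the bytes would corrupt the PNG.
header("Content-Type: image/png");
imagepng($im);
imagedestroy($im);
```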

Returning other formats
Other formats can be returned from PHP in the same way, by changing the Content-Type header and giving the appropriate body.
Example :

<?php
// The output is served as JavaScript; text outside the PHP tags is sent as-is.
header("Content-Type: text/javascript");
?>
function Foo()
{

}
<?php
// Script code can also be generated on the server and echoed out.
echo "function Rand() { } ";
?>


It is also good practice to set the Content-Length header when you know the size of the body you are about to send in advance (for example, when you are sending an image from a file).
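An added example (not code from the original post) that combines the authenticated image serving described above with the Content-Length advice; the session key 'user', the images directory and the name parameter are assumptions:

```php
<?php
// Added example (not from the original post): hand out an image only to a
// signed-in user and tell the browser the body size with Content-Length.
// The session key 'user', the images directory and the 'name' parameter
// are assumptions for illustration.
session_start();

// The directory sits outside the web root (assumed), so the files can only
// be reached through this script.
$imageDir = __DIR__ . '/../images';

// 1. Require a login. A page on another site that hotlinks this URL cannot
//    supply the viewer's session, so it gets a 403 instead of the picture.
if (empty($_SESSION['user'])) {
    http_response_code(403);
    header('Content-Type: text/plain');
    echo "Sign in to view this image.";
    exit;
}

// 2. Accept only a plain file name ending in .jpg/.jpeg. basename() strips
//    any directory part and the pattern rejects anything else, so the
//    request cannot reach files outside $imageDir.
$name = isset($_GET['name']) ? basename((string) $_GET['name']) : '';
$path = $imageDir . '/' . $name;
if (!preg_match('/^[A-Za-z0-9_-]+\.jpe?g$/', $name) || !is_file($path)) {
    http_response_code(404);
    exit;
}

// 3. Headers first (type and exact size), then the raw bytes.
header('Content-Type: image/jpeg');
header('Content-Length: ' . filesize($path));
readfile($path);
```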

Common Content Types

Format                  Content-Type
HTML text               text/html
Plain text              text/plain
Cascading Style Sheets  text/css
GIF                     image/gif
JPEG                    image/jpeg
TIFF                    image/tiff
RGB                     image/rgb
PNG                     image/x-png
PDF                     application/pdf
RTF                     application/rtf

Sunday, April 22, 2007

Chatting with Self on google talk

How did I do it ?



Have you done this ?
If yes, comment on how you did that ...
If no, challenge .... try doing it...

Have fun :)

Saturday, April 21, 2007

An Introduction to PHP

PHP ?
PHP stands for Hypertext Preprocessor. Well, what is it? On the world wide web we are familiar with the HTML page. The HTML page is static and does not change. What if we want a page that has some parts common and other parts different according to the browser or user that is visiting the site? Say, for example, a user's profile page. It is wasteful and time consuming to make a separate HTML page for each user. This is where server side scripting comes in. We can program the page in such a way that the common template is stored in a file and all the variable information, such as the user's name, address, etc., is fetched from a database or a remote location and displayed on the site. This is just one scenario where server side scripting is used. There are many other scenarios, like the need for a login, displaying dynamic data, etc.

There are many server side scripting languages. One of them is PHP. Other common ones are ASP (Active Server Pages), ASP.NET, CFM (Cold Fusion Template), etc.

PHP is different from conventional languages like C and C++ that are used to make desktop applications.

A PHP file is an ordinary text file and does not need a compiler. The language is interpreted as it is and executed by the server. In desktop applications data is entered through the keyboard and displayed on the monitor. In web applications that use PHP, data is sent by the browser using HTTP methods; the two most common ways to input data are GET and POST. Similarly the output of a PHP file can be an HTML file, a JPG file, an XML file or any format you wish (Yes!!).

The PHP Language
As mentioned above, PHP files are ordinary text files with the extension .php. Suppose you want a dynamic page that shows, say, today's date.


<html>
<head>
<title>Today's date</title>
</head>
<body>
Today's date is : <?php // PHP code begins
echo date("M d Y H:i:s");   // print the current date and time
// PHP code ends
?>

</body>
</html>


The <?php tag (short form <?) marks the beginning of a PHP code segment and ?> marks its end. There can be any number of PHP code segments in a file. Text outside the code segments is by default interpreted as HTML and sent back to the browser as it is. The code within a segment is evaluated and executed, and the output of the code replaces the <? ?> segment. The PHP code is executed and replaced on the server itself, and no PHP source code is sent to the browser. Thus the HTML received by the browser is


<html>
<head>
<title>Today's date</title>
</head>
<body>
Today's date is : Apr 22 2007 09:15:00
</body>
</html>


echo is something like printf: it prints whatever follows it up to the ;. date is a function that returns the date and time formatted according to the argument passed to it.

The code segment is broken up into statements. Each statement ends with a ; as in C / C++.

Variables in PHP
All variables in PHP start with $, e.g. $variable = 10;
Unlike C/C++, no data type needs to be declared in PHP.

$variable = 10;
$var2 = "arun";
$var3 = array("asd","gfh");
$var4 = false;


To read more about the language, built-in functions and syntax visit www.php.net.

Inputting data to PHP

Now you have seen how PHP outputs data. Let's see how to push data into the PHP code. Data can be pushed in two common ways:

1. GET : In the GET method, the data to be passed to the PHP page is encoded in the URL in the following format:
http://www.example.com/some/test.php?variable1=something&variable2=somethingelse
These variables are automatically filled into the $_GET array. Therefore $_GET["variable1"] has the value "something" and $_GET["variable2"] has the value "somethingelse".

2. POST : In the POST method the data is not sent in the URL but in the body of the HTTP request. An HTML form with action="the destination php file" is used in this case. All POST variables appear in the $_POST array, similarly to GET.
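An added example (not code from the original post) of reading a value that arrives by either GET or POST and echoing it back with htmlspecialchars, one of the built-in functions the Yaari post above says can take care of XSS; the parameter name q, the helpers param() and esc(), and the form action search.php are assumptions:

```php
<?php
// Added example (not from the original post): read a request value sent by
// GET or POST and echo it back safely. The parameter name 'q' and the
// form action are assumptions for illustration.

// Fetch a request parameter, preferring POST over GET, with a default.
function param(string $name, string $default = ''): string
{
    if (isset($_POST[$name])) {
        return (string) $_POST[$name];
    }
    if (isset($_GET[$name])) {
        return (string) $_GET[$name];
    }
    return $default;
}

// Encode a value for HTML: <, >, &, " and ' become entities, so the browser
// treats it as text rather than markup. ENT_QUOTES also covers attributes
// delimited by single quotes.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$q = param('q');
header('Content-Type: text/html; charset=UTF-8');

// VULNERABLE: the raw value is dropped into the page, so any markup in it
// (a <script> tag, for instance) is rendered and runs in the viewer's browser.
// echo '<p>You searched for: ' . $q . '</p>';

// SAFE: the same value passes through esc() on its way into the page, both
// in element text and inside the attribute that pre-fills the form.
echo '<p>You searched for: ' . esc($q) . '</p>';
echo '<form method="post" action="search.php">';
echo '<input type="text" name="q" value="' . esc($q) . '">';
echo '<input type="submit" value="Search">';
echo '</form>';
```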

That's all for Part 1
Stay tuned....

Tuesday, April 17, 2007

Freeing up more disk space

Disk Clean Up
Right Click the drive -> Properties -> Click on the Disk Clean Up -> Press OK


Obsolete Restore Files
Right Click the drive -> Properties -> Click on the Disk Clean Up -> More Options Tab -> System Restore Frame -> Click Clean Up -> OK

Disable Hibernation
If you do not use hibernate feature, disable it.
Control Panel -> Power Options -> Hibernate Tab -> Uncheck Enable Hibernation -> OK


Removing .tmp , .log
.tmp and .log are temporary or log files that simply clog up valuable disk space on your system. It's safe to delete them.

Clean the TEMP directories
X:\Windows\TEMP
X:\Documents and Settings\User\Local Settings\TEMP

Remove unused User Accounts
Delete any users that no longer exist.

Change the page file quota on the disk
Control Panel -> Click System -> Advanced Tab -> Performance Frame -> Click Settings -> Advanced Tab -> Virtual Memory Frame -> Click Change Button -> ...


Remove DMP file
Sometimes a RAM image may be saved to your X:\Windows\ folder after a crash. You can remove those files. Normally X:\Windows\memory.dmp

Empty the Trash Bin
Right Click the Recycle Bin and Click empty Recycle Bin.

Related :

Run the Disk Defragmenter to increase performance.
Pressing PrintScreen takes the screen shot of the entire screen.
Pressing Alt+PrintScreen takes the screen shot of the active window only.

Saturday, April 7, 2007

Making Sony Ericsson Mobile Themes

Intro

Sony Ericsson mobile themes (.thm files) are simply a collection of a lot of images and an XML file that specifies the colour codes. Take a theme file, rename it to .tar (use Archive Manager on Linux or any standard compression utility) and unpack it using any standard unzipping utility. Just play with the files and images and you can make yourself a new theme, be it for W550i, W800i, W880i, K310i, K750i, K700i, etc. Re-pack the contents, rename it to .thm and you have a new theme. Copy it to the themes folder on your mobile. Set the theme!


Theme files for Sony Ericsson phones, except for the Symbian™/UIQ™ phones (P900, P910, P990, M600 and W950 series), are TAR archives with the file extension .thm. A theme file contains at least an XML file, in which colour settings for graphical elements and optionally image file names and audio file names are defined. If the XML file specifies image or audio file names, the specified files are also included in the archive. To extract the individual files from THM theme files most standard archiving applications on the market can be used.

Sony Ericsson Symbian/UIQ phone theme files are ZIP packages with file extension .utz. A package contains an XML file specifying colour settings, images and sounds used in the theme, together with a number of image and audio files.


Simple and Short :)


Sony Ericsson Themes Creator
If you cannot take the pain of doing the above steps, simply download the Sony Ericsson Themes Creator from here

Friday, April 6, 2007

HTTP 1.1 Response Status Codes

Intro
For each request a client sends to the server, the web server returns a 3-digit HTTP status code indicating the server's response. E.g.:

HTTP/1.1 404 Not Found

Here is the list of codes that the server sends, with a brief description of each.

The status response codes are grouped as:

100 - 199 : Informational Status Codes

Provide information to the client that the server is starting to fulfil the request.


  • 100 Continue : Server says "Ready to receive the rest of the request"

  • 101 Switching Protocols : "Ready to switch to the protocol specified by the client in an Upgrade request"



200 - 299 : Client Request Successful

Status codes that indicate the client's request was successfully accepted.

  • 200 OK : Successfully processed request and response is attached

  • 201 Created : Created the new URI specified by the Location Header.

  • 202 Accepted : Accepted for processing

  • 203 Non Authoritative Info : Indicates the META information originated from another server.

  • 204 No Content : Request complete, but no new information.

  • 205 Reset Content : Client should reset the current document.

  • 206 Partial Content : Used for GET requests for getting a part of the document. The server sends a Content-Range header to indicate the Data-Segment.



300 - 399 : Request Redirected


  • 300 Multiple Choices : Requested resource contains multiple documents

  • 301 Moved Permanently : The requested document has been moved from the current location; the new location is sent in the Location header

  • 302 Moved Temporarily : Requested document has been temporarily moved to location specified by the location header.

  • 303 See Other : The requested resource is found in a different location indicated by the Location Header.

  • 304 Not Modified : Server uses this code in response to an If-Modified-Since request. It indicates the document has not been modified.

  • 305 Use Proxy : Client should use the proxy specified by the Location header.

  • 307 Temporary Redirect : Requested resource is temporarily redirected to a different location specified by the Location Header.



400 - 499 : Client Request Incomplete

Indicates that the client request is incomplete and more information is needed to complete the request.


  • 400 Bad Request : Syntax error in the client request

  • 401 Unauthorized : Request requires authentication, server sends a WWW-Authenticate Header to indicate the authentication type.

  • 402 Payment Required : Reserved for Future

  • 403 Forbidden : Access to request is forbidden

  • 404 Not Found : Requested document is not found.(My Favorite)

  • 405 Method Not Allowed : Requested method is not acceptable

  • 406 Not Acceptable : Requested resource is not available in a format the client can accept.

  • 407 Proxy Authentication Required : Unauthorized access request to a proxy server. The server sends a Proxy-Authenticate header.

  • 408 Request Time Out : The request timed out; the client can reissue the request

  • 409 Conflict : The client requests conflict with each other.

  • 410 Gone : The requested resource has permanently been gone from the server

  • 411 Length Required : A Content-Length header is required

  • 412 Precondition Failed : This is in response to one or more If-... headers sent by the client, indicating that one or more of the conditions specified is FALSE.

  • 413 Request Entity too large : The request body is too large, server refuses to process it

  • 414 Request-URI too Long : The server refuses to process the request because the URI is too large.

  • 415 Unsupported Media Type : Content body is unsupported by the server.

  • 416 Requested Range Not Satisfiable : Request range out of bounds.

  • 417 Expectation Failed : Server failed to meet the requirements of the Expect Header Request.


500 - 599 : Server Errors

Returned when the server encounters errors.


  • 500 Internal Server Error : Server config. setting or an external program has caused an error

  • 501 Not Implemented : Server does not have the functionality to fulfill request

  • 502 Bad Gateway : The Server encountered an invalid response from an upstream server or proxy

  • 503 Service Unavailable : Service is temporarily unavailable.

  • 504 Gateway Time-Out : Gateway / Proxy timed out

  • 505 HTTP Version Not Supported : HTTP version used by the client is not supported



The rest of the codes are reserved for future use.
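An added example (not code from the original post) of a PHP handler that picks several of the codes listed above (200, 304, 404, 405, 416) for one read-only file, tying the list to the header() function used in the earlier PHP posts; the file location and the use of PHP's http_response_code() are assumptions:

```php
<?php
// Added example (not from the original post): choose the right status code
// for one read-only file, covering 200, 304, 404, 405 and 416 from the list
// above. The file path and http_response_code() use are assumptions.
$file = __DIR__ . '/docs/manual.pdf';   // assumed location

// 405: only GET and HEAD make sense for a read-only resource.
if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD'), true)) {
    http_response_code(405);
    header('Allow: GET, HEAD');
    exit;
}
// 404: the document is not there.
if (!is_file($file)) {
    http_response_code(404);
    exit;
}
$size     = filesize($file);
$modified = filemtime($file);
$lastMod  = gmdate('D, d M Y H:i:s', $modified) . ' GMT';

// 304: the client's cached copy is at least as new as ours, so send headers
// only; the body is omitted and the browser reuses its cache.
$since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
    ? strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) : false;
if ($since !== false && $since >= $modified) {
    http_response_code(304);
    header('Last-Modified: ' . $lastMod);
    exit;
}
// 416: a Range header whose first byte lies past the end of the file.
// (A valid Range is simply ignored here and the whole file is sent as 200.)
if (isset($_SERVER['HTTP_RANGE'])
    && preg_match('/^bytes=(\d+)-(\d*)$/', $_SERVER['HTTP_RANGE'], $m)
    && (int) $m[1] >= $size) {
    http_response_code(416);
    header('Content-Range: bytes */' . $size);
    exit;
}
// 200: the normal case; HEAD gets the headers without the body.
http_response_code(200);
header('Content-Type: application/pdf');
header('Content-Length: ' . $size);
header('Last-Modified: ' . $lastMod);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    readfile($file);
}
```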

Tuesday, April 3, 2007

XSS on JustDial.com




JustDial.com

Saw the ad a few days back on TV, so I thought I could play with it. As expected, they haven't thought/bothered about Cross Site Scripting!

Just search for our usual keyword :


<script> alert("XSS"); </script>

and you can get alerts.

The reason for most XSS holes is the use of Microsoft's Active Server Pages (ASP). ASP does not have many built-in functions or modules to combat XSS, whereas PHP has a number of functions to do just that.


Happy Hacking ...

Sunday, April 1, 2007

Installing GCC for Linux (Fedora Core 6)

Introduction
Phew! Here are the steps for installing the GNU C Compiler (GCC) on Linux, Fedora Core 6.

Steps

Download the following files :


  • libgomp-4.1.1-30.i386.rpm

  • glibc-headers-2.5-3.i386.rpm

  • glibc-devel-2.5-3.i386.rpm

  • gcc-4.1.1-30.i386.rpm


You can get the above files by searching for them on
http://rpmfind.net/linux/rpm2html/search.php
Install the RPMs from a console:


[.....]# rpm -Uvh libgomp-4.1.1-30.i386.rpm
.
.
[.....]# rpm -Uvh glibc-headers-2.5-3.i386.rpm
.
.
[.....]# rpm -Uvh glibc-devel-2.5-3.i386.rpm
.
.
[.....]# rpm -Uvh gcc-4.1.1-30.i386.rpm



Finished Installation

Confirm your installation by running man gcc.
It should be done ....

Be free...Linux.