Sunday, January 30, 2011

BackupPC 3.2.0 XSS

I don't normally make posts about XSS exploits unless there are some special circumstances. I picked this one because BackupPC is a popular network backup tool that you might find in networks all over the place, and because there is no built-in security you normally only find it on "secure" trusted networks.

So anyway, the issue is in Browse.pm. It takes a num parameter from the GET request, then echoes the unsanitized input back to the user. Here are PoCs for both of the vectors I found.

PoC 1: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=1[XSS] - comes back as a valid request and runs XSS

PoC 2: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=[XSS] - comes back as ERROR and runs XSS

Like most XSS holes it's an easy fix: just edit line 55 in /usr/local/BackupPC/lib/BackupPC/CGI/Browse.pm to read like so:
my $num = ${EscHTML($In{num})};

or download this Browse.pm file and replace it with the one in /usr/local/BackupPC/lib/BackupPC/CGI/ on the installed server.
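The two PoCs above hit different code paths (the normal browse page and the ERROR page), so the parameter has to be escaped wherever it is echoed. The standalone Perl below is an added example, not code from this post or from BackupPC: `esc_html`, `valid_num` and `render_browse` are hypothetical names, and treating `num` as a short run of digits is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for an HTML-escaping helper; it plays the role the
# EscHTML call plays in the fix above, but returns a plain string.
sub esc_html {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/&/&amp;/g;      # must run first so later entities are not re-escaped
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Allowlist check (assumption: a backup number is 1 to 9 decimal digits).
sub valid_num {
    my ($raw) = @_;
    return (defined($raw) && $raw =~ /\A[0-9]{1,9}\z/) ? 1 : 0;
}

# Builds the HTML for either path. Both the normal page and the error page
# reflect the parameter, so both escape it before output.
sub render_browse {
    my ($raw) = @_;
    if (valid_num($raw)) {
        return "<h1>Browsing backup #" . esc_html($raw) . "</h1>";
    }
    return "<p>Error: invalid backup number " . esc_html($raw) . "</p>";
}

# Constructed sample inputs; harmless markup stands in for injected HTML.
for my $in ('12', '1<b>x</b>', '<b>x</b>', '"><i>y</i>') {
    printf "%-12s => %s\n", $in, render_browse($in);
}
```

Validation alone would stop the first vector but not the second, because the rejected value is still printed on the error page; escaping at output covers both.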

OK, that's it, peace.

Sunday, January 9, 2011

Poor man's IR filters for phones

At the last dc414 meeting I gave out IR filters for camera phones that I made myself. Most cameras on phones are made really cheaply and do not filter out IR; that's why camp fires and such come out looking a little purple or pink when you take a pic using a camera phone. This happens because the sensor interprets IR to the human visual spectrum as white. To make the filters I went to Walgreens, got some 35mm film, opened it up and exposed the entire roll to bright light, rolled it back up into its container and asked the kind ppl at the one hour photo counter to develop my roll. I also informed them that I didn't want any prints, just the negatives. Then of course I had to explain to them what it was I wanted. You can see how this might seem to be an odd request, so expect to take a little extra time if you choose to go this route; it will take some explaining.

So why IR filters? Well, taking pics with these little guys makes stuff like envelopes transparent, as well as some plastics and CLOTHES!! Making this every nerd's dream! lol.

Here's a pic of the IR filters "film":


Here's a pic I took of my stove top:

Saturday, January 1, 2011

Re-DROID with stock 2.2.1

Over the holidays I dropped my phone, "a Motorola DROID", in some salt-filled slush in the parking lot of Walmart :( It still worked, kind of; the buttons seemed to go crazy, however. Hitting just one button did multiple things. So I took it to my local Verizon store, and they informed me that I would be getting a new phone in the mail in the next week or so :( Luckily for me I only had to wait four days or so, but they sent me the wrong fucking phone. Again I go back to Verizon to bitch, but this time they have my phone in stock...ok. Sweet, I got my new old phone.

My new old phone is nice, but I found that it came with Android 2.2.1 and not 2.1 like it did before. I gave the old update.zip root I had from my old phone a try but it didn't do shit. So I took to the net to find a new setup. After a few failed attempts I found this thread about an app called SuperOneClick. I had to use cmoney's XP desktop and install .NET 3.5 from M$. That was all I needed to get the SuperOneClick software to run on the desktop. To get the PC-to-phone data connection going at the level that the app needed I had to install the Motorola Phone USB drivers. Now all I had to do was make sure USB debugging was enabled on my phone, plug in the USB cable from the PC to my phone, hit the root button and wait for it to do its thing! Thanx to everyone involved in the SuperOneClick software, you did an awesome job!! I am now enjoying my new old rooted DROID :D There is still more work to be done on this but that will be later.