Author: Edric

Recently I came across an unusual method of preventing SQL injection during a source code review. It is unusual in a sense whereby the function corrupts the input intentionally in an attempt to prevent SQL injection.

The following is a modified version of the function but the idea is similar:

function formatString($query){
    $key = "z9"; $output = "";
    $arr = str_split($query, 2);
    foreach($arr as $value){
        $output = $output . $value . $key;
    }
    return $output;
}

The code snippet above splits the string using _strsplit() into an array of groups of 2 characters (I shall refer to this as group length for the remaining post). For example, if the input is “hello”, it will be split into [“he”,”ll”, “o”].

Subsequently, the code will append the $key value to the back of each element and return the output. So if the input was “hello”, the output, in this case, would be “hez9llz9oz9”.

And to revert the string to its original state, we can simply use the following function:

function unformatString($query){
  $key = "z9"; $output = "";
  $outarray = explode($key,$query);
  foreach($outarray as $value){
    $output = $output . $value;
  }
  return $output

Before I continue, I want to first declare that this is a hypothetical scenario and that I did not actually exploit this on the internet. (I do not want my reader to think I am click-baiting)

Recently I got into online marketing and it was certainly eye-opening to learn how people make a living out of online business.

They could be making money literally anywhere in the world and have the ability to generate truly passive income even when they are asleep.

Anyway, one of the more important take-ups aways is that Facebook has this little snippet of the script called a Facebook pixel.

Think about it as Google Analytics but for Facebook.

It allows an online business to retarget using Facebook ads.

After inserting Facebook pixel, marketers usually have 2 phases.

The first phase is to drive traffic to their website in hope of converting the leads to sales.

And in the second phase, they have two options.

1. Retarget customers that have purchased an item or
2. Retarget customers that have added an item to the cart but did not checkout.

Information Security Is Hard

I am into web application security and am always thinking of ways to explain a security flaw to someone non-technical.

Usually, the explanation of XSS vulnerability consists of cookie stealing or defacement.

All of these ideas are pretty abstract and do not resonate well with a non-technical person.

So here goes another attempt in getting them to understand the severity of a persistent XSS.

Scenario

As a business owner imagine someone were to inject their own Facebook pixel into your website.

An attacker is then able to retarget all of your audience that was converting to their own.

Remember in the beginning I mentioned the first phase – to drive traffic?

Unless you are already ranking on Google, it is not cheap to drive traffic. So no business owner in the world is willing to let someone else retarget their customers.

Back to the mindset of an attacker.

Why would an attacker do this right?

If they could gain administrative access and deface a competitor’s site, why all this trouble?

The reason is simple. It’s hard to detect.

How often do business owners check the elements of their websites?

Even if they do, they would probably overlook the fact that there is an extra Facebook pixel that should not be there.

Position of Security Consultants

I think the role of a security consultant is unique.

Business people need to think in the shoes of their customers.

The C-level executive needs to think in the shoes of their employees.

But as a security consultant, you need to put yourself in the shoes of both a developer and the website owner.

It is your job to not only find the vulnerability but also make it meaningful so that the receiving end understands the severity of the vulnerability.

If you are a computer science student or someone who enjoys working on a VPS, chances are you are using Terminal 90% of the time.

Unless you are working on UI using a terminal, mastering some terminal commands brings about some benefits.

Maybe it’s just me. But ever since being comfortable with terminal commands, I realized that I had slowly shifted away from UI.

Or maybe I get the feeling of being an l33t hacker getting simple operations done using the terminal.

While working on VPS, there was always a problem of wanting to run a script on it without maintaining an SSH connection.

In addition, terminals that are full screen usually utilize only half the screen and it is a waste of space.

In this tutorial, you will learn how to keep the script running without maintaining a connection as well as maximizing your terminal to its fullest potential.

This tmux tutorial includes

• Creating a session
• Detaching a session
• Creating a new window
• Switching windows
• Navigating between windows
• Splitting panes
• Navigating between panes

To install tmux type the following:

sudo apt-get install tmux

How Tmux Works

First, let’s first understand how tmux works.

When you execute a tmux command, a tmux server is launched.

Every activity that is launched in the tmux window happens within the server.

Commands or scripts ran within this server continue even after the SSH daemon has closed.

There are three terms while using tmux.

1. Session
2. Window
3. Panes

A session is a single collection of pseudo terminals under the management of tmux.

Each session has one or more windows linked to it.

A window occupies the entire screen and may be split into rectangular panes, in which each pane is a separate pseudo terminal.

_{Quoted from: http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1?query=tmux&sec=1}

Tmux Usage

This is optional but you can first ssh into a VPS to experience the full potential of this tool.

I recommend RamNode(aff link) and it is the VPS provider I use when working on small projects.

Session

To create a new Session, issue the following command:

tmux new -s session1

To detach a session, type the following:

(Ctrl + b) + d

_{Note: Type “Ctrl+b” followed by the ”d” key separately}

Now I will create another session called session2:

tmux new -s session2

And detach the session (Ctrl + b) + d to return to the main terminal.

You can list all the sessions by issuing the command:

tmux ls

To enter a session that was previously created, type:

tmux attach -t

In this tutorial, we will be attaching to session 1. Therefore, the command will be:

tmux attach -t session1