Larholm.com

Me, myself and I

April 8th, 2007

Thor, the Benevolent Leader

I am always amused when I take a personality test. I find it easy to discern the reasoning behind the questions and more often than not I disagree with the wording of specific questions. Just today, I found an interesting test with some funky sliders and graphs at personaldna.com, and the results are in:

And there you have it, I am a very manly and functional Benevolent Leader with low Authoritarianism. You can hover those individual color bars for an explanation of each.

Coincidentally, I am not a big fan of having Benevolent Leader turned into a link that points at personaldna.com, as I have already been kind enough to link their way. So how do we remove this link but retain the hover functionality? If you’re curious, the script code for embedding the above color bar is:

<script src="http://personaldna.com/h/?k=ajbecRqMlZIdRcZ-OO-AAAAA-b077&t=Benevolent+Leader">
</script>

The t parameter is not validated, which opens an XSS vulnerability on personaldna.com. If you specify t=Benevolent+Leader',true);alert(location)// you are overwriting their script logic. If you specify t=</a>Benevolent+Leader you are injecting HTML. A properly URL encoded parameter would be t=%3C/a%3EBenevolent+Leader.

So there you have it, the same colored bar but without a link on the text portion :)
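
The fix on the server side, as an added example that is not from the original post and is not personaldna.com's code: a script endpoint that echoes t has to encode it for both contexts it ends up in, the JavaScript string literal and the HTML the script writes. The function name showBar and the response template are assumptions made for illustration; the two sample values are the ones quoted above, URL-decoded.

```javascript
// Added illustration. showBar and the response template are assumptions
// about what a badge endpoint might emit; they are not personaldna.com's code.

// Vulnerable: t is pasted straight into a single-quoted JS string.
function renderUnsafe(t) {
  return "showBar('" + t + "',false);";
}

// HTML-escape the label, because the client script writes it into markup.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Encode as a JS string literal. JSON.stringify handles quotes, backslashes
// and newlines; the extra pass keeps <, >, & and U+2028/U+2029 out of the
// emitted source so it is also safe when inlined in an HTML page.
function jsString(s) {
  return JSON.stringify(s).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hardened: encode for the HTML context first, then for the JS context.
function renderSafe(t) {
  return "showBar(" + jsString(escapeHtml(t)) + ",false);";
}

// Run an emitted script against stubs and record what it did.
function run(script) {
  const seen = { args: null, alerted: false };
  new Function("showBar", "alert", "location", script)(
    (...a) => { seen.args = a; },
    () => { seen.alerted = true; },
    "stub-location");
  return seen;
}

// The two t values quoted in the post, URL-decoded.
const samples = ["Benevolent Leader',true);alert(location)//",
                 "</a>Benevolent Leader"];

for (const t of samples) {
  console.log(JSON.stringify(t));
  console.log("  unsafe:", run(renderUnsafe(t)));
  console.log("  safe:  ", run(renderSafe(t)), renderSafe(t));
}
```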

April 6th, 2007

More 0day in Firebug

As I promised in my previous post, I would be detailing a fresh 0day vulnerability in Firebug for my next post. Well, this is that post, or if you’ve just read the Hitchhiker’s Guide to the Galaxy, that will be this post in the future which is now.

The culprit in the previous vulnerability was a lack of HTML escaping, which allowed you to inject arbitrary HTML and JavaScript into the Chrome context from which Firebug operates. Once you are running script with Chrome privileges you can do pretty much anything: open listening ports, send email, read/write/execute files - your typical system compromise.


April 6th, 2007

0day vulnerability in Firebug

I’m posting a fresh 0day vulnerability in Firebug in my next post! But first, an analysis of the current 0day vulnerability:

Firebug is a very popular web application development tool that comes in quite handy when debugging HTML, CSS and JavaScript. It’s intuitively easy to use, has great features such as console logging and live debugging of XMLHttpRequest queries, and it gets the Thumb Up from Thor - I use it daily.

It seems that pdp over at gnucitizen discovered a 0day vulnerability in Firebug. Joe Hewitt, the author of Firebug, has published an entry on his blog about the Firebug v1.0.2 and v1.0.3 updates that he released in response.

Firebug is a great tool and Joe Hewitt is a fine developer, but when you combine the inherent lack of separation between trusted and untrusted content in Firefox with a development tool that exposes near-direct access to its custom-built HTML construction logic, you will inevitably end up with some security vulnerabilities. The JavaScript chrome code inside Firebug comes in at roughly 700KB, a large portion of which deals with the function-oriented tag construction logic that Joe decided to implement in Firebug.


April 5th, 2007

Cheers and musing

Another visitor!

You might know me, you might not. In either case, welcome. I used to have my web presence on jscript.dk, but alas some domain shark grabbed it when I forgot to renew the domain.

So what will I amuse you with to stay a while? Mostly random musings over security vulnerabilities, JavaScript development, the web and myself. In the meantime I will be making a less bloggy template for WordPress and enjoying my Easter vacation.
