Dear Groupees.com
Wow guys. There are two things that seem to have occurred here:
1. You put together a Bundle that is super incredible and EVERYBODY wants a piece of it.
2. Your web servers are ancient, outdated, or simply unable to handle any sort of load.
The first is a fantastic sign, the second...not so much. I am extremely eager to get my hands on this bundle (and I'm sure tens of thousands of others are as well). So I'm hoping you all can get your systems up and running with a much higher load capacity.
Perhaps a waitlist system would work in the meantime (while you ramp up capacity for the next epic bundle). Honestly though, this is the most epic bundle since the Humble Indie Bundle 3 was released (which included HIB 1&2 inside it as well).
Cheers!
Hope you get up and running soon.
Humor4Fun
This is regarding the Be Mine Indie Game Bundle that they are supposed to be serving up as of 2012-02-14:12:00PM. But their systems crashed almost instantly yesterday and pre-instantly today. After yesterday's overload, they brought the site offline for a few hours with the promise to relaunch today at noon, but as of 12:00:15 (15 seconds after the launch went live) the system was down again.
Toaster Crumbs
Wednesday, February 15, 2012
Monday, January 23, 2012
WebGoat - AJAX Security
LAB - DOM-Based Cross-Site Scripting (XSS)
Stage 1:
<img src=http://127.0.0.1/WebGoat/images/logos/owasp.jpg>
Stage 2:
<img onclick="Javascript:alert('xss')" src=http://127.0.0.1/WebGoat/images/logos/owasp.jpg>
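The lab above accepts the image tag because whatever is typed into the form is written back into the page as HTML. As an added example (not code from WebGoat or from the original post), the vulnerable concatenation pattern is shown next to the fix, escaping the five HTML-significant characters so the input can only ever render as text (assigning it with textContent instead of innerHTML achieves the same thing in the browser). The render functions and the reviewer check are assumptions for this illustration; the payload is the stage 2 input from the post.

```javascript
// Added example, not from the WebGoat lesson or the original post.

// Escape the characters that have meaning in an HTML text or attribute
// context, so untrusted input can only ever render as literal text.
function escapeHtml(untrusted) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(untrusted).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical templates standing in for the lesson page: unsafeRender is
// the vulnerable pattern (input spliced straight into markup), safeRender
// the fix.
function unsafeRender(term) {
  return "<p>Results for: " + term + "</p>";
}

function safeRender(term) {
  return "<p>Results for: " + escapeHtml(term) + "</p>";
}

// A check a reviewer or a test can run over rendered output: does it contain
// any tag the template never emits, or an inline event handler inside a tag?
function containsInjectedMarkup(html, allowedTags = ["p"]) {
  for (const m of html.matchAll(/<\/?([a-zA-Z][\w-]*)([^>]*)>/g)) {
    const name = m[1].toLowerCase();
    if (!allowedTags.includes(name)) return true;   // unexpected element
    if (/\son[a-z]+\s*=/i.test(m[2])) return true;  // onclick=, onerror=, ...
  }
  return false;
}

// The stage 2 input from the post, used here as constructed test input.
const XSS_PAYLOAD =
  "<img onclick=\"Javascript:alert('xss')\" src=http://127.0.0.1/WebGoat/images/logos/owasp.jpg>";

console.log(unsafeRender(XSS_PAYLOAD)); // img element with its onclick handler survives
console.log(safeRender(XSS_PAYLOAD));   // the same text, rendered inert
```

The check is deliberately crude (it is a regex over markup, not a parser) and is meant for spotting regressions in a template's output, not as a substitute for escaping at the point of insertion.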
LAB - Client Side Filtering
Inspecting the HTML, we find this:
<tr id="112">
<td> 112 </td>
<td> Neville </td>
<td> Bartholomew </td>
<td> 111-111-1111 </td>
<td> 450000 </td>
</tr>
Same Origin Policy Protection
Click each of the links and observe their results.
DOM Injection
Intercept the incoming HTML and modify the form input by deleting the disabled attribute, so that it reads:
<input type="SUBMIT" name="SUBMIT" value="Activate!">
XML Injection
Intercept the HTTP POST request that is sent when entering the ID into the ID field.
Add the following lines:
<reward>WebGoat Core Duo Laptop 2000 Pts</reward>
<reward>WebGoat Hawaii Cruise 3000 Pts</reward>
Then when the page loads, select those items and click submit.
JSON Injection
Intercept the HTTP GET request that is sent when entering the To: field.
Edit the Cost field to a lower price (300 in this case), then forward the request.
Select the cheaper flight, then click Submit.
Silent Transaction Attacks
Looking through the JavaScript inside the page, we find this:
function submitData(accountNo, balance) {
    // Everything that defines the transfer travels in the query string of a GET;
    // nothing in it is tied to the user's session.
    var url = 'attack?Screen=40&menu=400&from=ajax&newAccount=' + accountNo +
              '&amount=' + balance + '&confirm=' + document.getElementById('confirm').value;
    if (typeof XMLHttpRequest != 'undefined') {
        req = new XMLHttpRequest();
    } else if (window.ActiveXObject) {
        req = new ActiveXObject('Microsoft.XMLHTTP');
    }
    req.open('GET', url, true);
    req.onreadystatechange = callback; // callback is defined elsewhere in the lesson page
    req.send(null);
}
So simply visiting a carefully crafted URL performs the transfer:
http://127.0.0.1/WebGoat/attack?Screen=40&menu=400&show=NextHint&from=ajax&newAccount=23&amount=75&confirm=Confirm
Dangerous Use of Eval
Looking at the alert syntax in the HTTP response, we can craft an input that injects an additional alert call containing the cookie:
111');alert(document.cookie);('
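The lesson page builds a statement of the form alert('<input>') from the response and hands it to eval, so the quote in the input above closes the string and starts a second statement. As an added example, not WebGoat's code or the original post's, the vulnerable builder is shown next to two fixes: encoding the value as a JSON string literal when code generation truly cannot be avoided, and the better option of not generating code at all. A stub alert and a constructed document (the cookie value is made up) stand in for the browser so the effect can be observed in Node.

```javascript
// Added example, not from WebGoat or the original post.

// Vulnerable: user input spliced into source text that will be evaluated.
function buildUnsafe(value) {
  return "alert('" + value + "')";
}

// If code must be generated, encode the value as a JSON string literal: every
// quote and backslash is escaped, so it stays one string whatever it contains.
function buildEncoded(value) {
  return "alert(" + JSON.stringify(String(value)) + ")";
}

// Preferred: the value is data, so hand it to alert directly and never eval.
function showValue(value, alertFn) {
  alertFn(String(value));
}

// Run a generated snippet with a recording alert and a constructed document.
// Returns the list of values alert was called with.
function runWithStubs(code) {
  const calls = [];
  const fakeDocument = { cookie: "JSESSIONID=constructed-value" }; // constructed
  new Function("alert", "document", code)((v) => calls.push(v), fakeDocument);
  return calls;
}

const EVAL_PAYLOAD = "111');alert(document.cookie);('"; // the input from the post

console.log(runWithStubs(buildUnsafe(EVAL_PAYLOAD)));  // two alerts; the second carries the cookie
console.log(runWithStubs(buildEncoded(EVAL_PAYLOAD))); // one alert with the raw input as text
```

Two caveats on the encoded form: JSON.stringify output is only a valid JavaScript literal in every case since ES2019 (earlier engines choked on unescaped U+2028/U+2029), and it does nothing against breaking out of an enclosing <script> element when the generated code is embedded in HTML, where "</" still needs escaping. Those are reasons to prefer showValue over either builder.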
Insecure Client Storage
Stage 1:
Looking at the JavaScript, we can see a list of coupon codes. However, they are "encrypted" with a simple Caesar-style substitution, so they are easy to decipher.
Find a JavaScript executor and enter this code into it (one of the coupon codes, EMPH, is included):
Javascript:code = "EMPH"; alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; caesar = ''; for (i = code.length; i >= 0; i--) { for (j = 0; j < alpha.length; j++) { if (code.charAt(i) == alpha.charAt(j)) { caesar = caesar + alpha.charAt((j + alpha.length - 1) % alpha.length); } } } alert(caesar);
When executed, this code alerts "GOLD" as the deciphered text: the outer loop reads the code backwards and the inner loop shifts each letter back by one place, so every coupon on the page is recoverable from the page source alone.
Stage 2:
For stage 2 you will need a browser plugin that can make form fields writable. Use its "Make Fields Writable" function and you can edit the "Price" field to $0.00.
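Four of the lessons above share one root cause: the server lets the browser decide something the server should have decided itself. Which rows a user may see (Client Side Filtering), which rewards they may claim (XML Injection), what a flight costs (JSON Injection), and whether a coupon is valid and what it is worth (Insecure Client Storage). As an added example that is neither WebGoat's code nor the original post's, the handlers below make each of those decisions on the server from server-owned data, with the client sending only identifiers. The employee row for Neville Bartholomew and the two reward names come from the post; every other record, price, discount and account id is constructed for the example.

```javascript
// Added example, not from WebGoat or the original post. All data is constructed
// (apart from employee 112 and the two laptop/cruise reward names, which appear in the post).

const EMPLOYEES = [ // salary is only ever sent to people entitled to see it
  { id: 101, name: "Alice Example", phone: "111-111-1111", salary: 55000, managerId: 112 },
  { id: 102, name: "Bob Example", phone: "111-111-1111", salary: 61000, managerId: 112 },
  { id: 112, name: "Neville Bartholomew", phone: "111-111-1111", salary: 450000, managerId: 112 },
];
const FLIGHTS = { "BOS-SEA-1": 600, "BOS-SEA-2": 300 }; // catalogue price by flight id
const REWARDS = [
  { name: "WebGoat Mug", points: 100 },
  { name: "WebGoat Core Duo Laptop", points: 2000 },
  { name: "WebGoat Hawaii Cruise", points: 3000 },
];
const COUPONS = { GOLD: 0.25, PLATINUM: 0.5 }; // code -> fractional discount; never sent to the client

// Client Side Filtering: filter on the server, so the response only ever
// contains the requester's own row and the rows of people they manage.
function visibleEmployees(requesterId) {
  return EMPLOYEES
    .filter((e) => e.id === requesterId || e.managerId === requesterId)
    .map(({ id, name, phone, salary }) => ({ id, name, phone, salary }));
}

// XML Injection: the eligible reward list is derived from the user's points
// here; a reward name arriving from the client is checked against that list.
function claimReward(userPoints, requestedName) {
  const allowed = REWARDS.filter((r) => r.points <= userPoints).map((r) => r.name);
  if (!allowed.includes(requestedName)) throw new Error("reward not available to this user");
  return requestedName;
}

// JSON Injection: the client picks a flight id; its price is looked up, never
// read back from the request.
function priceFlight(flightId) {
  if (!Object.prototype.hasOwnProperty.call(FLIGHTS, flightId)) throw new Error("unknown flight");
  return FLIGHTS[flightId];
}

// Insecure Client Storage: the coupon is validated here and the total is
// computed here. `order.price`, whatever the browser displayed, is ignored.
function checkout(order) {
  const base = priceFlight(order.flightId);
  const code = String(order.coupon || "").toUpperCase();
  const discount = Object.prototype.hasOwnProperty.call(COUPONS, code) ? COUPONS[code] : 0;
  return { price: Math.round(base * (1 - discount) * 100) / 100, couponApplied: discount > 0 };
}

// Worked run: a tampered order of the kind the lessons produce (zeroed price)
// is re-priced from the catalogue; a non-manager sees only their own row.
const tamperedOrder = { flightId: "BOS-SEA-1", coupon: "gold", price: 0 };
console.log(checkout(tamperedOrder));          // { price: 450, couponApplied: true }
console.log(visibleEmployees(101).length);     // 1
console.log(visibleEmployees(112).length);     // 3
```

The pattern is the same in all four handlers: the request carries a choice, the server carries the facts, and the response is built from the facts. Hiding rows, prices or coupon lists in JavaScript on the client is presentation, not protection.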