1 February 2017
Many years ago, someone mentioned on a congress that apache has an interesting feature: if apache doesn’t know a file-extension, it will just take the next one. If someone saves a file called “shell.php.ab”, apache would not know what to do with the extension “.ab”. So it will just skip this one and uses the next one and the file “evil.php.ab” becomes “evil.php” and gets executed. I wondered how long it will take until a related bug will occur and I was not surprised when I read aboutthis nasty bug.
26 January 2017
Overview
- System affected: VirtualBox
- Software-Version: prior to 5.0.32, prior to 5.1.14
- User-Interaction: Required
- Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell
13 January 2017
Certificate Transparency is a great idea. All certificate-related activities on a certificate authority will be logged into a public database(it’s a merkle-table), so that anyone can monitor or review the certificates. Commodo published a very handy web-tool to query the logs.
12 January 2017
dr@tardis$ psql -U postgres
psql (9.4.9)
Type "help" for help.
postgres=# update pg_database set datallowconn = TRUE where datname = 'template0';
UPDATE 1
postgres=# \c template0
You are now connected to database "template0".
template0=# update pg_database set datistemplate = FALSE where datname = 'template1';
UPDATE 1
template0=# drop database template1;
DROP DATABASE
template0=# create database template1 with template = template0 encoding = 'UTF8';
CREATE DATABASE
template0=# update pg_database set datistemplate = TRUE where datname = 'template1';
UPDATE 1
template0=# \c template1
You are now connected to database "template1".
template1=# update pg_database set datallowconn = FALSE where datname = 'template0';
UPDATE 1
23 December 2016
I wish you all a Very Merry Christmas and a beautiful time
PS: I found this nice html-css-hack at codepen.io
18 December 2016
I experienced an interesting problem: on a Debian Jessie host with squidguard: update-squidguard threw the following error-message:
root@34697f9f06a2:/# update-squidguard
/usr/sbin/update-squidguard: 69: test: dbhome: unexpected operator
Rebuild SquidGuard database - this can take a while.
On Debian Wheezy it returns with the following error:
18 December 2016
I got the following error while compiling a Latex-File:
compiling MyLatexfile.tex...
tex/virtualbox.tex:1: Package inputenc Error: Unicode char \u8: not set up for use with LaTeX.
So I checked the encoding of the file and saw that it looked like this:
file tex/virtualbox.tex
tex/virtualbox.tex: LaTeX document, UTF-8 Unicode (with BOM) text, with very long lines
It seems that inputenc does not like utf-8 with Byte Order Mark. So I removed it using the following sed-command:
sed -i '1 s/^\xef\xbb\xbf//' virtualbox.tex
7 December 2016
Mysql does not connect to a given port if the host is localhost.
My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.
Tag Cloud
Network Email Btrfs Firewall Mathematics Kernel Downloads Open-Source Raspberry C Fun Mail Hardware Docker Sysadmin CVE Bash Proxy Database Debian Software-Raid xmas Backup Desktop Anniversary Ansible Certification Nagios Security Shell CLI Tricks Blog Virtualization Postgresql One-Liner HackADay Crypto LVM ccc Web Programming PHP News Ruby git Zsh Multimedia External Puppet Linux openssl TerminalEmulator Suricata vim Perl apache Toscom logrotateRecent Posts
- Decidim: Stored XSS in embedded URLs for Decidim Meetings
- Decidim-Awesome: SQL Injection in AdminAccountability
- AttackMate A modern open source tool for automating cyberattack
- BalCCon2k24 was amazing
- FIWARE Keyrock: Command Injection in Organisationname
- FIWARE Keyrock: Command Injection in Applicationname
- FIWARE Keyrock: Activation of any new user
- FIWARE Keyrock: Deactivate 2-factor-auth of any user
- FIWARE Keyrock: Manipulate passwords of any user
- Contributing a Metasploit Exploit