PHP function to anonymize HTTP GET requests using the Tor network

Recovered from my old blog.

function torHttpGet($url, $ref) {  
$torIPPort="127.0.0.1:8118"; //tor's ip and port
$agentBrowser = array('Firefox','Safari','Opera','Flock','Internet Explorer','Ephifany','AOL Explorer','Seamonkey','Konqueror','GoogleBot');
$agentOS = array('Windows 2000','Windows NT','Windows XP','Windows Vista','Redhat Linux','Ubuntu','Fedora','FreeBSD','OpenBSD','OS 10.5');

$useragent=$agentBrowser[rand(0,7)].'/'.rand(1,8).'.'.rand(0,9).' (' .$agentOS[rand(0,11)].' '.rand(1,7).'.'.rand(0,9).'; en-US;)';
$curl_obj = curl_init();
curl_setopt($curl_obj, CURLOPT_URL, $url); curl_setopt($curl_obj, CURLOPT_REFERER, $ref);
curl_setopt($curl_obj, CURLOPT_HEADER, TRUE); curl_setopt($curl_obj, CURLOPT_HTTPGET, TRUE);
curl_setopt($curl_obj, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl_obj, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($curl_obj, CURLOPT_MAXREDIRS, 3); curl_setopt($curl_obj, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl_obj, CURLOPT_TIMEOUT, 10); curl_setopt($curl_obj, CURLOPT_USERAGENT, $useragent);
curl_setopt($curl_obj, CURLOPT_PROXY, $torIPPort); curl_setopt($curl_obj, CURLOPT_CURLOPT_ERRORBUFFER, TRUE); //human readable errors
$page = curl_exec($curl_obj);
$err = curl_error($curl_obj);
curl_close($curl_obj);

if(strlen($err) > 0)
return -1;
else
return $page;

}

Watermarking videos with ffmpeg in Ubuntu 9.1

Last week I wanted to automatize watermarking some .flv videos but ffmpeg’s vhook support is deprecated in newer versions including the one in the repositories of Ubuntu 9.1.

Since it took me some time to figure out what packages and compilation flags I needed I wrote this short tutorial about watermarking videos with ffmpeg in Ubuntu 9.1. Including compiling ffmpeg from source to support deprecated vhooks.

Get ffmpeg’s source code

Download and untar ffmpeg 0.5.2 stable. We are using this version because they have removed vhook support from their repositories.

http://www.ffmpeg.org/releases/ffmpeg-0.5.2.tar.gz

Install the dependencies

Install the following packages:

sudo apt-get install libfreetype6-dev libfaac-dev libfaad-dev
libmp3lame-dev libtheora-dev libx264-dev libxvidcore4-dev libpostproc-dev

Compile ffmpeg from source

cd <ffmpeg's src dir>
./configure --enable-gpl --enable-nonfree --enable-pthreads
--enable-libfaac --enable-libfaad --enable-libmp3lame --enable-libtheora
--enable-libx264 --enable-libxvid --enable-postproc
make
sudo make install

Watermarking videos with ffmpeg with drawtext.so

ffmpeg -i video.flv -vhook '/usr/local/lib/vhook/drawtext.so 
-f /usr/share/fonts/truetype/msttcorefonts/arial.ttf -x 5 -y 5 -t yourtext'
 out.avi

PHPIDS Component Implementation for CakePHP

I posted a CakePHP component implementation of PHPIDS today. It includes the latest PHPIDS version (0.6.4).

http://github.com/cldrn/cakephpids/tree/master/component/

What I like about the component implementation is that you set the actions you want to monitor when you import the component in the corresponding controllers or your main app_controller.php. Something like this:

var $components=array(‘Cakephpids’=>array( ‘protectedActions’=>array(‘login’,’add’,’register’,’display’)));

Putting this in your main app_controller will run the IDS only when the actions login,register and add are executed.

XSS vulnerabilities in Croogo CMS 1.3

Summary

Croogo CMS is prone to HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Details

Vulnerable Software: 1.3
Full disclosure Date: 2010-06-14
Last Update: 2010-05-10
Critical: Low
Impact: HTML injection
           Session hijack
           Denial of service
           Code execution

Solution Status: Vendor informed and patch submitted to public repository

BACKGROUND
======================= 

Croogo is a content management system gaining popularity rapidily in the CAKEPHP community.

DESCRIPTION
======================= 

Croogo CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

EXPLOIT / POC
======================= 

Attackers can exploit this issue with a web browser sending malicious code through the field ‘name’ located in the user registration form (http://site/users/add) or the field ‘data[Comment][body]’ in the “add a comment” form to comment on a post (http://site/comments/add/).

This time the field ‘data[Comment][body]’ gets sanitized correctly but Tipsy, a Javascript library in charge of creating the tooltips, decodes again the stored sanitized string and it allows html injection in the admin panel.

WORKAROUND
======================= 

Upgrade to Croogo 1.3.1 or apply patch Croogo’s public repository

DISCLOSURE TIMELINE
======================= 

2010/05/08 – Vulnerability discovered
2010/05/08 – Vendor contacted
2010/05/1 2 – Patch submitted to Croogo’s public source code repositories
2010/06/14 – Full disclosure

REFERENCES
======================= 

Croogo CMS – Croogo CMS Official website
Croogo on GitHub – Croogo GitHub
Websec’s advisory permalink – http://websec.ca/advisories/view/ws10-08-croogo_cms_1.3_xss_vulnerabilities