GNU Kalops v1.0.0


Pure Open Source!

Code:

<?php
require_once('cook_engine.php');

define('KÖTT', '1 KG');
define('KÖTT_TYPE', 'GRYTBITAR');
define('LÖK', 2);
define('MOROT', 2);
define('SMÖR', '2 MSK');
define('SMÖR_TYPE', 'MARGARIN');
define('SALT', '1 TSK');
define('VITPEPPAR', '1 KRM');
define('VETEMJÖL', '3 MSK');
define('VATTEN', '5 DL');
define('KRYDDPEPPARKORN', 10);
define('LAGERBLAD', 2);
define('STORLEK', '6 PRT');

define('KNIV', true);
define('SPIS', true);
define('SOURCE_HANDLE_SKÄR', 1);
define('SOURCE_HANDLE_SKAL', 2);
define('SOURCE_HANDLE_BRYN', 4);

define('COOK_DESTINATION', 'STEKGRYTA');

function HandleKalops()
{
    // $CookEngine lives in the global scope, so it has to be imported here
    global $CookEngine;

    $Output = $CookEngine->Chop(KÖTT, KNIV, COOK_DESTINATION, null, SOURCE_HANDLE_SKÄR);
    $CookEngine->Skicka($Output, COOK_DESTINATION);

    $Output = $CookEngine->Chop(MOROT, KNIV, COOK_DESTINATION, null, SOURCE_HANDLE_SKAL);
    $CookEngine->Skicka($Output, COOK_DESTINATION);

    $CookEngine->Bryn(array(MOROT, LÖK, KÖTT, SMÖR));
    $CookEngine->Krydda(array(SALT, VITPEPPAR));
    while ($CookEngine->CookGuard)
    {
        if (KÖTT == "FINFÄRG")
        {
            continue;
        }
    }
    $CookEngine->Add(VETEMJÖL);
    $CookEngine->Add(VATTEN);
    $CookEngine->Add(KRYDDPEPPARKORN);
    $CookEngine->Add(LAGERBLAD);
    while ($CookEngine->CookGuard)
    {
        if (KÖTT == "MÖRT" && $CookEngine->CookTimer >= "2 TIMMAR")
        {
            continue;
        }
    }
    $CookEngine->Späd("VATTEN", define('TÄCKA_KÖTTET', true));
    $CookEngine->Wait('DUKA');
    if ($CookEngine->CookGuard_Test == FINISH)
    {
        return true;
    }
    else
    {
        return false;
    }
}


class UserHandle Extends CookEngine
{
    function Chop($type = '', $tool = '', $destination = 'trashbin', $size = '', $metod = '')
    {
        global $CookEngine;
        return $CookEngine->HanteraVerktyg($tool, $type, $size);
    }
}

$CookEngine->Init('KÖK');
while (HandleKalops() == false)
{
    // Wait here
}

$CookEngine->Servera();
$CookEngine->Ät();

?>
Bitmasking for C#


Referring to the scripts that handle the bitmasking for the dnsbl.tornevall.org scripts, this is how to write the same routine in C#. It is based on the Hashtable class (System.Collections) to keep it as similar as possible.

Code:
using System;
using System.Collections;

// Returns a Hashtable that maps each bit position ("0", "1", ...) to "1" or "0",
// depending on whether that bit is set in MaskVal.
// The optional first extra argument is the number of bits to check (default 8).
public Hashtable BitMask(int MaskVal, params int[] bitcheck)
{
    Hashtable ReturnThis = new Hashtable();
    Hashtable Arr = new Hashtable();
    int loadbits = 8;
    try { loadbits = bitcheck[0]; } catch (Exception) { }

    /*
     * PHP SOURCE
     *
     *   function bitmask ($bit = '', $loadbits = 8)
     *   {
     *       for ($i = 0 ; $i < $loadbits ; ++$i) {$arr[] = pow(2,$i); }     // Automate the bit values
     *       for ($i = 0 ; $i < count($arr) ; ++$i) {$mask[$i] = ($bit & $arr[$i]) ? '1' : '0';}     // Set 1 for the bit values that are switched on
     *       return $mask;
     *   }
     */

    for (int i = 0; i < loadbits; ++i) { Arr.Add(i.ToString(), Math.Pow(2, i).ToString()); }     // Automate the bit values
    for (int i = 0; i < Arr.Count; ++i) { ReturnThis.Add(i.ToString(), Convert.ToInt32(Convert.ToBoolean(MaskVal & Convert.ToInt32(Arr[i.ToString()].ToString()))).ToString()); }     // Set 1 for the bit values that are switched on
    return ReturnThis;
}

”How do I sort a HashTable?”


I think of hashtables in C# as similar to a normal array in PHP. But they're not! Hashtables are great to use when it comes to ”temporary storage” of variables, but they are useless if you need to sort the information. Google doesn't help either. It's always about half solutions, and most of the time you have to guess how you should solve the problem, and it's not getting better since I'm lazy. But this was actually solved. I needed to sort a kind of sales score with the highest value on top, like in a top ten. And it was for ASP.NET.

Via Google I found out that an ArrayList could fix my issue. The only problem was that the sort was handled as strings, which gave a very ugly result.

So here’s my solution!

Code:
  // [.. source ..]

  // The first hashtable content
  SalesData.Add(Säljare, SoldItems.ToString());

  // [.. more source ..]

  // Time to sort our data. Create a new hashtable!
  Hashtable SortList = new Hashtable();
  string CountString = "";

  // Scan through the salesmen and collect all values in reversed order (where all salesmen with 30 sold items will be put in one
  // hash, 29 in another, and so on...)
  foreach (string SalesScorers in SalesData.Keys)
  {
      // Check the length of the counted items. If the value is only one character long, put a zero before it
      // so the outdata will be 01, 02, 03, ... 10, 11, 12, ... 28, 29, 30, and so on.
      if (SalesData[SalesScorers].ToString().Length == 1) { CountString = "0" + SalesData[SalesScorers].ToString(); } else { CountString = SalesData[SalesScorers].ToString(); }

      // Then add the new data, with the scores as a key, and the salespeople as the value.
      // The nice part here is that the salespeople are identified with an id instead of their names, so there
      // will always only be one space per person.
      if (!SortList.Contains(CountString))
      {
          SortList.Add(CountString, SalesScorers + " ");
      }
      else
      {
          SortList[CountString] += SalesScorers + " ";
      }
  }

  // Now, create an arraylist, and sort it by the key.
  ArrayList Lista = new ArrayList(SortList.Keys);
  Lista.Sort();

  // Make the order descending, so the highest value will be put first
  Lista.Reverse();

At this point you can now foreach through all of the salesmen, and split them up into separate pieces, and the output result is beautiful!

There are probably other ways too, but with HashTables there's apparently no easy way to solve this, like there is in PHP where you can use the built-in sorting functions…

Discovered CSRF with AJAX, phpBB and Private Messaging…


A few months ago I was asked whether it was possible to forge private messages on a web forum. I said yes, of course, and explained – to the mortals – how it theoretically could be done with AJAX (or similar). But it's not guaranteed to work, since AJAX is dependent on the browser security and the code running on the site. In my mind there should not be any problems, however, as long as the browser doesn't leave the domain, or the communication is handled by two trusted sites.

To see if my theory really worked, I decided to test it. I chose an older version of phpBB since this was (and probably still is for a lot of websites out there) actually a bug, fixed in newer releases – and phpBB is a forum that is both easy to install and use. It's also free, and used by many. Continue below…
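
The usual defence against the forged private messages described above is a per-session anti-CSRF token on the "send message" form. The following is an added example, not part of the original post and not phpBB's own code; the function names, the `pm_token` field and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example: anti-CSRF token for a private-message form.
// All function and field names are hypothetical, not phpBB's.

// Create (once per session) a random token to embed in the PM form as a hidden field.
function issue_pm_token(array &$session): string
{
    if (empty($session['pm_token'])) {
        $session['pm_token'] = bin2hex(random_bytes(32));
    }
    return $session['pm_token'];
}

// Accept a "send PM" request only if it is a POST that carries the session's token.
function is_pm_request_allowed(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;                           // no state changes through GET
    }
    $expected = $session['pm_token'] ?? '';
    $supplied = $post['pm_token'] ?? '';
    if ($expected === '' || !is_string($supplied)) {
        return false;                           // no token issued, or malformed field
    }
    return hash_equals($expected, $supplied);   // constant-time comparison
}

// Constructed sample requests; a plain array stands in for $_SESSION.
$session = [];
$token = issue_pm_token($session);

$requests = [
    'form submitted by the user' => ['POST', ['to' => '42', 'message' => 'hi', 'pm_token' => $token]],
    'cross-site POST, no token'  => ['POST', ['to' => '42', 'message' => 'hi']],
    'GET request with token'     => ['GET',  ['to' => '42', 'message' => 'hi', 'pm_token' => $token]],
    'POST with wrong token'      => ['POST', ['to' => '42', 'message' => 'hi', 'pm_token' => str_repeat('0', 64)]],
];

foreach ($requests as $label => [$method, $post]) {
    $verdict = is_pm_request_allowed($session, $method, $post) ? 'accepted' : 'rejected';
    printf("%-28s %s\n", $label, $verdict);
}
```

The token only stops requests that originate from other sites. Script that already runs on the forum's own domain can read the form and its token, so output encoding of user-supplied content is still required.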


XSS at IMVU – Still unprotected


At the end of March 2007, the IMVU team announced a flaw in their system that made it possible to hijack other users' accounts by simple XSS injections. Of course, the people behind those attacks were stupidly exposed, since the hijackers were sending large amounts of credits to themselves. The XSS was stopped by simply disabling all JavaScript/HTML coding temporarily until the issue was solved.

The issue was solved. Almost. One problem seems to be that the IMVU team missed the natural way of evading such fixes. With a small change in a script that makes it possible to hijack accounts, the issue is still reachable by whoever finds out how to do this. Allowing users to enter their own HTML code at any website will always open doors to new hacking threats. The best solution against such things is to really consider disabling this completely (or to disable JavaScript in the web browser). But then, IMVU will probably not be as ”fun” as the users there think it is now…

There are also two threads at the IMVU forum that might be interesting to refer to regarding this subject.

The first thread is probably the first sign of where people started to discover that something was wrong.
The second thread is where IMVU disabled scripting, and where they were supposed to fix this issue.