WordPress 4.2 Stored XSS

Earlier this week WordPress 4.1.3. It fixed an XSS exploit discovered by a former student of mine. This week a new exploit – even in the new WordPress versions, including 4.2 – was uncovered.

Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments.

If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.

Here’s how it works:

If the comment text is long enough, it will be truncated when inserted in the database. The MySQL TEXT type size limit is 64 kilobytes, so the comment has to be quite long.

The truncation results in malformed HTML generated on the page. The attacker can supply any attributes in the allowed HTML tags, in the same way as with the two recently published stored XSS vulnerabilities affecting the WordPress core.

Until a patched WordPress is available, it is wise to disable comments. I guess (read: think but haven’t tested it yet) that configuring your MySQL server with STRICT_ALL_TABLES would also work, as it should then trigger an error when too much data is attempted to being inserted.

WordPress 4.2 Stored XSS →

Elsewhere , , , Leave a comment

rust: es6 + THREE.js + glslify experiment

mattdesl_2015-Apr-19

Rust →
Rust Source (GitHub) →

Elsewhere , , Leave a comment

Star Wars: The Force Awakens

SHUT UP AND TAKE MY MONEY!

Elsewhere , Leave a comment

The Attachment, a digital road movie

Dutch-spoken (along with a tad of English) video by Dutch ISP XS4ALL. It follows the travels of a man who decides to physically bring a photo to his brother who lives in the USA, instead of just sending him an email.

Elsewhere , Leave a comment

Hyundai : A Message to Space

Stephanie from Houston misses her astronaut father working at the International Space Station. Watch how her special message was delivered to her father in space.

Elsewhere , Leave a comment

Progressive enhancement with handlers and enhancers

var handlers = {
	'overlay' : function(e) {
		 // This function is executed on click of any element with 
		 // 'overlay' in its data-handler attribute.
		 // The click event is in 'e', $(this).attr('data-foo') holds the
		 // value of data-foo of the element the user clicked on 
    },
    'another-function-name' : function(e) {}
};

$(function() {
    'use strict';
    // generic click handler
    $(document).on('click', '[data-handler]', function(event) {
        var handler = this.getAttribute('data-handler');
        // honour default behaviour when using modifier keys when clicking
        // for example:
        // cmd + click / ctrl + click opens a link in a new tab
        // shift + click opens a link in a new window
        if (this.tagName === 'A' && (event.metaKey || event.ctrlKey || event.shiftKey)) {
            return;
        }
        if (handlers && typeof handlers[handler] === 'function') {
            handlers[handler].call(this, event);
        }
        else {
            if (window.console && typeof console.log === 'function') {
                console.log('Non-existing handler: "%s" on %o', handler, this);
            }
        }
    });
});

Hidde De Vries (@hdv):

When JavaScript is used to handle user interactions like clicks, or enhance the page by manipulating the DOM, traditionally you’d have JavaScript find that HTML element in your page, and hook some code into it. But what if you’d switch that around, and have the HTML element “tell” JavaScript what function to execute?

Using a tad of JavaScript the link below will be opened in an overlay upon click, instead of the normal flow:

<a href="#punk-ipa" data-handler="overlay">More about Punk IPA</a>

Reminds me of the data-showinoverlay attribute I add to links which need to be shown in an overlay. Great to see that Hidde took a generic approach to this as my data-showinoverlay approach is limited to only that one functionality.

Next to handlers, enhancers are also discussed.

Progressive enhancement with handlers and enhancers →

Elsewhere , , , Leave a comment

Game of Thrones Season 5: pre-season briefing

The fifth season of Game of Thrones starts on Sunday. The last time you saw any of these characters was a year ago. What were they up to? Here’s a quick tour of the map and character locations

Of course: huge spoiler alert if you haven’t seen the first four seasons yet.

Elsewhere , Leave a comment

WipEout WebGL Model Viewer

wipeout-arridos

The track itself is stored in several distinct files. The most interesting of which are TRACK.TRV, containing raw vertices, and TRACK.TRF containing the track faces as quads of 4 index pointers into the vertices. Pretty straight forward.

Reverse Engineering WipEout →
WipEout Model Viewer, A WebGL Expiriment →

Elsewhere , , , Leave a comment

The Ingenious Design of the Aluminum Beverage Can

The aluminium beverage can is so ubiquitous that it is easy to take for granted. The next time you take a sip from one, consider the decades of ingenious design required to create this modern engineering marvel.

Elsewhere , Leave a comment

Mobile Development with a #devops mindset

Kick-ass presentation which Patrick Debois – the one and only – gave as a lecture to my students Web & Mobile Development. In the presentation he reflects on a recent high profile mobile app Small Town Heroes, the company he works at, launched:

This presentation shows how you can improve your mobile development cycle when you understand the devops feedback loop.

Elsewhere , , , Leave a comment