ethicalhack3r

Concrete5 5.5.2.1 Multiple Authenticated Cross-Site Scripting (XSS)

# Exploit Title: Concrete5 5.5.2.1 Multiple Authenticated Cross-Site Scripting (XSS)
# Date: 2012-08-25
# Author: Ryan ‘ethicalhack3r’ Dewhurst (www.ethicalhack3r.co.uk)
# Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/5.5.2.1/
# Version: 5.5.2.1

1.Vulnerability Description

Multiple authenticated Cross-Site Scripting (XSS) vulnerabilities were identified within Concrete5 version 5.5.2.1. Also reported were some cookie security improvements. The first Concrete5 advisory can be found here [1].

2.Software Description

CMS made for Marketing but built for Geeks, concrete5 [0] is a content management system that is free and open source.

3. Vulnerability Information

read more…

Posted on 25 August, 2012 by ethicalhack3r

No Comments

Sunday Ruby Coding: Caesar Cipher (ROT) Encoder/Decoder

It has been a rainy Sunday so I wrote a Caesar Cipher (ROT) Encoder/Decoder in Ruby to ease the boredom.

#!/usr/bin/env ruby

#
# Caesar Cipher (ROT) Encoder/Decoder - Ryan 'ethicalhack3r' Dewhurst - 05.08.2012
#

@alphabet = ('a'..'z').to_a

def encode(plaintext)
  plaintext = plaintext.gsub(/\s+/, '').downcase

  @alphabet.each do |letter|
    encoded_forward = ''

    plaintext_position = @alphabet.index(plaintext[0].chr)
    cipher_position = @alphabet.index(letter)
    position_difference = plaintext_position - cipher_position

    plaintext.split('').each do |char|
      encoded_forward += @alphabet.at(position_forward_count(@alphabet.index(char), position_difference)).to_s
    end

    puts "Shifted #{position_difference} to '#{letter}' - #{encoded_forward}"
  end

end

def decode(cipher)
  cipher = cipher.gsub(/\s+/, '').downcase

  @alphabet.each do |letter|
    deciphered_forward = ''

    cipher_position = @alphabet.index(cipher[0].chr)
    clear_position = @alphabet.index(letter)
    position_difference = cipher_position - clear_position

    cipher.split('').each do |char|
      deciphered_forward += @alphabet.at(position_forward_count(@alphabet.index(char), position_difference)).to_s
    end

    puts "Shifted #{position_difference} to '#{letter}' - #{deciphered_forward}"
  end

end

def position_forward_count(current_position, position_difference)
  position_total = (current_position + position_difference)
  position_total > 25 ? position_total - 25 : position_total
end

puts '[Decode]'
decode('W KHTXLFNEUZQ IRA MXPSVR  YHU WKH ODCB GRJ')
puts '[Encode]'
encode('plaintext')

Posted on 5 August, 2012 by ethicalhack3r

No Comments