thoughts, ideas, code and other things...

Thursday, September 06, 2007

My first linux ASM code

msg db "hello world",10
len dw 12

global start
mov eax,4 ; the 'write' syscall
mov ebx,1 ; on stdout
mov ecx,msg ; the string
mov edx,len ; its length
int 0x80 ; interrupt
mov eax,1 ; exit syscall
mov ebx,0
int 0x80 ;

Wooh!!! soon i will be reversing apps. nhahahaaa

Labels: ,

Monday, September 03, 2007

Stripping our javascript from user-input

Yesterday evening in the snail-slow-sluggish-s-s-s internet lab, Shaabi showed me the social networking website he had been working on from his school days. I immediately did very nasty things with its scrapbook feature which he was working on -

  • Inserted really really huge images into scrapbook entries. Allright no issues :D
  • Inserted javascript, it was prone to XSS. Okay still no biggie :D
  • Inserted recursive IFRAME tags!! Boom, maybe our sssslow lab systems can’t handle it.

We found out a snippet to get rid of such inputs and he quickly fixed the website.
]*?>.*?@si', // Strip out javascript
'@]*?>.*?@si', // Strip out javascript
'@]*?>.*?@siU', // Strip style tags properly
'@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
'@@' // Strip multi-line comments including CDATA
$text = preg_replace ($search, '', $document );
return $text;

Labels: ,