Jared Folkins

Plot.ly MathJax LaTeX Stored XSS

Tue, 16 Aug 2016 11:00:00 +0000

Summary

Plot.ly allowed user-controlled LaTeX content to be rendered through MathJax with JavaScript-capable hyperlink behavior enabled. A malicious plot author could create stored interactive content that executed JavaScript when another user interacted with a plot title or annotation.

Plotly.js SVG XSS and CSS Injection

Tue, 09 Aug 2016 23:39:56 +0000

Summary

Plotly.js returned malformed SVG markup from user-controlled plot fields. The rendered SVG allowed an attacker to inject executable behavior through link attributes and to trigger cross-domain resource loads through CSS.

Affected Surface

Product: Plot.ly / Plotly.js
Component: SVG text rendering and sanitization
Affected versions: Plotly.js before 1.16.0
Vulnerability classes: stored XSS, CSS injection, external resource injection

Impact

An attacker who could create or edit a plot could inject malicious SVG content that executed JavaScript in the Plot.ly web application when another user interacted with the plot. A second issue allowed remote image/resource loads, which could disclose viewer metadata and support user tracking.

Concrete5 ProBlog CSRF to Stored XSS

Mon, 23 May 2016 23:39:56 +0000

Summary

Concrete5 ProBlog accepted authenticated blog-create POST requests without validating an anti-CSRF token. The same workflow also trusted the supplied parent page ID, allowing a forged request to place attacker-controlled content outside the expected blog tree.

Concrete5 ProEvent SQL Injection to RCE

Thu, 14 Apr 2016 02:01:21 +0000

Summary

Concrete5 ProEvent exposed a SQL injection in calendar routes that passed unsanitized request parameters into the eventIs() query builder. The issue could be chained from unauthenticated route access to database modification, administrator login, file upload changes, and remote code execution on a standard LAMP deployment.

Understanding When To Use Channels Or Mutexes In Go

Sat, 23 Jan 2016 03:37:09 +0000

Problem Domain

Community - “Share Memory By Communicating”

Interpretation - “CHANNEL ALL TEH THINGZ!”

Because many developers come from backgrounds (Php, Ruby, Perl, Python) where unlike Go, concurrency is not a first class citizen, they struggle when learning about it. But they apply themselves and take the time to dig into Go’s concurrency model. And just as they finally feel they’ve come to grips, something painful happens. The developer decides to use their new found super-power (goroutines + channels) for absolutely everything and it suddenly becomes an anti-pattern.

How To: Shove data into Postgres using Goroutines and GoLang

Tue, 29 Oct 2013 19:24:01 +0000

After watching Rob Pike’s wonderful golang talk, ‘Concurrency Is Not Parallelism’, in which he uses the analogy of having many Gophers running around and getting work done. I realized that I wanted to program a test so as better to solidify the concept.

Hacking Java Bytecode for Programmers (Part4) – Krakatau And The Case Of The Integer Overflow

Tue, 25 Jun 2013 15:30:46 +0000

Index

Introduction

A funny thing happened on the way to crafting my next blog post. I met this very talented twenty-one year old student who goes by the handle Storyyeller, on an online forum. He offered to help educate me on how to write bytecode by hand. How freaking pro.

Hacking Java Bytecode for Programmers (Part3) – Yes, disassemble with Javap ALL OVER THE PLACE!

Tue, 28 May 2013 21:50:30 +0000

Index

Introduction

In Part 2 , I showed you at a high level, what Java Opcodes are and I also walked you through how to manipulate Strings inside of the compiled code. I’ve actually used the exact method discussed in that post to bypass some sanity checks in a Java application I was reverse engineering.

Hacking Java Bytecode for Programmers (Part2) – Lions, and Tigers, and OP Codes, OH MY!

Fri, 17 May 2013 16:49:18 +0000

Index

Introduction

In Part 1 , I showed you the basics of Hexadecimal, Hex Editors, and Java Bytecode. Refer to that post if you need to catch up. The following will be a simple exercise showing you how to manipulate the Java Bytecode directly.

Hacking Java Bytecode for Programmers (Part1) -The Birds and the Bees of Hex Editing

Tue, 14 May 2013 17:24:17 +0000

Index

Tools & References

Ubuntu 12.10
Java 1.7.0_15
Python 2.7
xxd
Bless Hex Editor
http://en.wikipedia.org/wiki/Java_bytecode
http://en.wikipedia.org/wiki/Hexadecimal
http://linuxcommand.org/man_pages/xxd1.html

Audience

Required: You should be comfortable in Linux ( 1+ years )
Required: You should be comfortable writing scripts ( 1+ years )
Desired: You have written web, desktop, or mobile applications ( 1+ years )
Desired: You have programmed in Java and Python ( 6 months )

What is Hexadecimal?

Computers execute binary code. But neck beards were fairly frustrated when editing a binary file and having to parse and edit huge number blocks of ones and zeros. The internet tells me that IBM came along and formalized a hexadecimal standard in the 1950s to pacify their geeks.

How to contribute to an open source project

Fri, 30 Nov 2012 19:56:55 +0000

I understand. I really do. I get nervous too when thinking about submitting the “ifs” and the “elses” to an existing open source project. Finding the time and the courage to submit code to an open source project is still difficult for me. Here are some opinions of mine that I offer to you. Hopefully it will help you along.

How To: Install FreeTDS and UnixODBC On OSX Using Homebrew For Use With Ruby, Php, And Perl

Tue, 10 Jan 2012 17:44:52 +0000

This little project started out as a basic script to connect to a Microsoft SqlServer and get data. It was a nightmare as I probably spent 15 hours learning about and troubleshooting both FreeTDS and UnixODBC. My pain is now your gain.

Newbs, Ruby, Profiling Memory Leaks Using Memprof, And Web Scraping with Mechanize

Mon, 08 Aug 2011 21:57:49 +0000

So for the past four weeks in my spare time, I’ve been writing a sweet web scraping application for a personal research project. After overcoming the majority of regex and pattern matching challenges, I was finally able to get my spider a crawlin’ and then go to bed.

About

Mon, 01 Jan 0001 00:00:00 +0000

Since the DotCom era Jared has worn many hats and is a full-stack talent in the purest sense. From architecting infrastructure with container recipes or hand crafting artisanal SQL, to programming applications or exploiting them, he loves it all. He is thankful to work with such a talented team and enjoys watching highly competent people do amazing things. When not nerding, he spends his time volunteering at his local Church to help free men from addiction. He does this alongside the love of his life Jaimi, while they work together to raise their meager brood of lovable kidlets.

Contact Me

Mon, 01 Jan 0001 00:00:00 +0000

jf``@``threathound``.``com

News

Mon, 01 Jan 0001 00:00:00 +0000

Projects

Mon, 01 Jan 0001 00:00:00 +0000

Jared Folkins

Plot.ly MathJax LaTeX Stored XSS

Summary

Plotly.js SVG XSS and CSS Injection

Summary

Affected Surface

Impact

Concrete5 ProBlog CSRF to Stored XSS

Summary

Concrete5 ProEvent SQL Injection to RCE

Summary

Understanding When To Use Channels Or Mutexes In Go

Problem Domain

How To: Shove data into Postgres using Goroutines and GoLang

Hacking Java Bytecode for Programmers (Part4) – Krakatau And The Case Of The Integer Overflow

Index

Introduction

Hacking Java Bytecode for Programmers (Part3) – Yes, disassemble with Javap ALL OVER THE PLACE!

Index

Introduction

Hacking Java Bytecode for Programmers (Part2) – Lions, and Tigers, and OP Codes, OH MY!

Index

Introduction

Hacking Java Bytecode for Programmers (Part1) -The Birds and the Bees of Hex Editing

Index

Tools & References

Audience

What is Hexadecimal?

How to contribute to an open source project

How To: Install FreeTDS and UnixODBC On OSX Using Homebrew For Use With Ruby, Php, And Perl

Newbs, Ruby, Profiling Memory Leaks Using Memprof, And Web Scraping with Mechanize

About

Contact Me

News

Projects

Projects

Contributor

Gameboy

Speaking

Media