<?xml version="1.0" encoding="utf-8"?><feedxmlns="http://www.w3.org/2005/Atom"><generatoruri="https://jekyllrb.com/"version="4.0.0">Jekyll</generator><linkhref="http://localhost:4000/feed.xml"rel="self"type="application/atom+xml"/><linkhref="http://localhost:4000/"rel="alternate"type="text/html"/><updated>2020-09-08T05:11:07+00:00</updated><id>http://localhost:4000/feed.xml</id><entry><titletype="html">How to Solve The Django Deployment Puzzle</title><linkhref="http://localhost:4000/2020/08/18/django-deployment.html"rel="alternate"type="text/html"title="How to Solve The Django Deployment Puzzle"/><published>2020-08-18T00:00:00+00:00</published><updated>2020-08-18T00:00:00+00:00</updated><id>http://localhost:4000/2020/08/18/django-deployment</id><contenttype="html"xml:base="http://localhost:4000/2020/08/18/django-deployment.html"><p>A few days ago I had a Django project I wanted to put on a real server.
<?xml version="1.0" encoding="utf-8"?><feedxmlns="http://www.w3.org/2005/Atom"><generatoruri="https://jekyllrb.com/"version="4.0.0">Jekyll</generator><linkhref="http://localhost:4000/feed.xml"rel="self"type="application/atom+xml"/><linkhref="http://localhost:4000/"rel="alternate"type="text/html"/><updated>2020-09-09T00:31:16+00:00</updated><id>http://localhost:4000/feed.xml</id><entry><titletype="html">lamegames.tait.tech</title><linkhref="http://localhost:4000/2020/09/09/lamegames.html"rel="alternate"type="text/html"title="lamegames.tait.tech"/><published>2020-09-09T00:00:00+00:00</published><updated>2020-09-09T00:00:00+00:00</updated><id>http://localhost:4000/2020/09/09/lamegames</id><contenttype="html"xml:base="http://localhost:4000/2020/09/09/lamegames.html"><p>This is an announcement for a new project of mine:
<p>This is something I’m really excited to work on!</p>
<p>Right now, I’ve just got a rock-paper-scissors game.
A chat function, and a few simple card games to come.</p>
<p>Check out the repository on my <a href="https://github.com/TTWNO/lamegames.io">Github</a>.</p></content><author><name></name></author><summarytype="html">This is an announcement for a new project of mine: lamegames.tait.tech.</summary></entry><entry><titletype="html">How to Solve The Django Deployment Puzzle</title><linkhref="http://localhost:4000/2020/08/18/django-deployment.html"rel="alternate"type="text/html"title="How to Solve The Django Deployment Puzzle"/><published>2020-08-18T00:00:00+00:00</published><updated>2020-08-18T00:00:00+00:00</updated><id>http://localhost:4000/2020/08/18/django-deployment</id><contenttype="html"xml:base="http://localhost:4000/2020/08/18/django-deployment.html"><p>A few days ago I had a Django project I wanted to put on a real server.
This project is still in its infancy, but I thought it would be nice to put it on my resume and show my friends.
Little did I know the headache coming my way.
Here are some tips to help you not make the same mistakes as me.</p>
<p><em>Happy hacking 2.0!</em></p></content><author><name></name></author><summarytype="html">Despite the long name of the article, I have a feeling this may apply to more people than I might think. If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s reverse_proxy directive then this is the article for you!</summary></entry><entry><titletype="html">What is XSS?</title><linkhref="http://localhost:4000/2020/04/25/xss.html"rel="alternate"type="text/html"title="What is XSS?"/><published>2020-04-25T00:00:00+00:00</published><updated>2020-04-25T00:00:00+00:00</updated><id>http://localhost:4000/2020/04/25/xss</id><contenttype="html"xml:base="http://localhost:4000/2020/04/25/xss.html"><p>I found a cross-site scripting (XSS) attack
in a well-known quiz hosting website.
I disclosed the vulnerability to them years ago, so I thought
now might be a good time to write about it.</p>
<p>In this first article I will explain what XSS is.</p>
<p>In the next article I will explain how I found this attack.</p>
<h2 id="what-is-cross-site-scripting-xss">What is cross-site scripting (XSS)</h2>
<p>Cross-site scripting, XSS for short,
is a technique to execute arbitrary Javascript code on a user visiting a website
by linking to Javascript code stored on another server.</p>
<p>So for example:</p>
<p>I have a file on my website called <a href="/assets/js/hacked.js">hacked.js</a>.
If I was able to run this javascript file on anybody visiting a certain website <em>that is not mine</em>, this would be called cross-site scripting.</p>
<p>Click the above <code class="highlighter-rouge">hacked.js</code> link to view the code I use to “hack” this website.
It’s safe, I promise ;)</p>
<p>Now, how can we get this code to execute when a user visits this site?
To explain, I will start with some of the underlying technologies.</p>
<p>No, this is not a Sherlock Holmes novel!</p>
<p>If we suppose that a website is built with sequences like these (called “tags”):
<code class="highlighter-rouge">&lt;body&gt;</code>, <code class="highlighter-rouge">&lt;p&gt;</code> (for paragraph), <code class="highlighter-rouge">&lt;link&gt;</code> and <code class="highlighter-rouge">&lt;b&gt;</code> for bold,
then why can you <em>see</em> the left and right angle bracket characters?
Don’t they mean something? Shouldn’t they be telling the browser:
<em>“Hey! Make me bold!”?</em>
Why <em>doesn’t</em> everything after me typing <code class="highlighter-rouge">&lt;b&gt;</code> turn bold?</p>
<p>The answer is:</p>
<p>There are special characters in HTML to type a visible left (&lt;)
and visible right angle bracket (&gt;) in a website.
If I use the left and right brackets on my keyboard however,
things will indeed <b>show up bold</b>.</p>
<p>This is the code for the sentence I wrote above:</p>
<pre class="terminal">
There are special characters in HTML to type a visible left (&amp;lt;)
and visible right angle bracket (&amp;gt;) in a website.
If I use the left and right brackets on my keyboard however,
things will indeed &lt;b&gt;show up bold&lt;/b&gt;.
</pre>
<p>Notice how all visible left angle brackets use an <code class="highlighter-rouge">&amp;lt;</code> to show them?</p>
<p>These are called <a href="https://en.wikipedia.org/wiki/Escape_character">escape characters</a>.
They tell a system, in this case your web browser:
<em>“Hello! Please show me off! I don’t want to be hidden.”</em></p>
<p>Most of the time XSS attacks are done using poorly sanitized HTML <code class="highlighter-rouge">&lt;input&gt;</code> elements.</p>
<p>Sanitization is when a program (usually on the server side),
will remove characters like <code class="highlighter-rouge">&lt;</code> and replace them with the aforementioned “escape characters”.
Internally this would be something like <code class="highlighter-rouge">&amp;lt;</code>,
but they would show up to a user as <code class="highlighter-rouge">&lt;</code>.</p>
<p>When inputs are not properly sanitized <em>and</em> the input is shown to the user in another part of the website,
then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.
For example: a name for a quiz website (input) and the leaderboard for said quiz (display).</p>
<p>HTML, by itself is not very dangerous.
The worst thing you could do is probably put a link on your name,
and then point it to a porn site.
Make your name bold, italic. Maybe make the background a funny color.
Although this may annoy your victim it is not dangerous security wise.</p>
<p>There is one tag however, that <em>is</em> scary…</p>
<p>The <code class="highlighter-rouge">&lt;script&gt;</code> tag allows you to write code that can:</p>
<ol>
<li>Change the page contents.</li>
<li>Redirect the user to a new page automatically.</li>
<li>Get a user’s location.</li>
<li>Open a user’s microphone/webcam.</li>
<li>With the <code class="highlighter-rouge">src</code><a href="https://www.w3schools.com/htmL/html_attributes.asp">attribute</a> you can also load a script from another site. (This is XSS)</li>
</ol>
<p>Those last two will ask for permission from the user (if their browser isn’t insanely insecure).</p>
<p>In my next article I’ll talk about a website I found which is vulnerable to this attack.
And, show you how you can run your own XSS attack.</p></content><author><name></name></author><summarytype="html">I found a cross-site scripting (XSS) attack in a well-known quiz hosting website. I disclosed the vulnerability to them years ago, so I thought now might be a good time to write about it.</summary></entry></feed>
<p><em>Happy hacking 2.0!</em></p></content><author><name></name></author><summarytype="html">Despite the long name of the article, I have a feeling this may apply to more people than I might think. If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s reverse_proxy directive then this is the article for you!</summary></entry></feed>
Tait Hoyem
4 years ago