{"id":1074,"date":"2018-05-25T19:40:06","date_gmt":"2018-05-25T18:40:06","guid":{"rendered":"http:\/\/www.floyd.ch\/?p=1074"},"modified":"2022-02-09T11:46:33","modified_gmt":"2022-02-09T10:46:33","slug":"activity-wrap-up-including-polyglots-rips-uploadscanner-and-java-fuzzing","status":"publish","type":"post","link":"https:\/\/www.floyd.ch\/?p=1074","title":{"rendered":"Activity wrap-up including polyglots, RIPS, UploadScanner and Java fuzzing"},"content":{"rendered":"<p><a href=\"https:\/\/twitter.com\/takesako\/status\/998063456279449601?s=20\" target=\"_blank\" rel=\"noopener noreferrer\">A tweet by takesako containing a C\/C++\/Perl\/Ruby\/Python polyglot<\/a> got me interested, so I created <a href=\"https:\/\/github.com\/floyd-fuh\/C-CPP-Perl-Ruby-Python-Polyglot\" target=\"_blank\" rel=\"noopener noreferrer\">two follow-up polyglots based on his work and put them on GitHub<\/a>.<\/p>\n<p>Recently I also evaluated the <a href=\"https:\/\/www.sonarsource.com\/?redirect=rips\" target=\"_blank\" rel=\"noopener noreferrer\">RIPS PHP scanner<\/a> on some randomly chosen WordPress plugins. Afterwards I manually reviewed the plugins&#8217; code to see whether the scanner had missed anything. Long story short, RIPS will probably get two new issue definitions\/checks in a future version, so hopefully it will then find <a href=\"https:\/\/plugins.trac.wordpress.org\/browser\/password-protected\/trunk\/password-protected.php#L289\" target=\"_blank\" rel=\"noopener noreferrer\">PHP type-unsafe comparisons (a loose == where a strict === is needed) like the one I found in this WordPress plugin<\/a>. Additionally, they plan to flag cases where a static string is passed to a hash function. Hashing a constant is pointless and wasteful from a performance perspective, but it may also indicate the creation of default or backdoor user accounts with hard-coded passwords. 
While type-unsafe comparisons were being discussed, <a href=\"https:\/\/twitter.com\/albinowax\/status\/996391795381719041\" target=\"_blank\" rel=\"noopener noreferrer\">albinowax also added a new check to the Backslash Powered Scanner Burp extension<\/a>.<\/p>\n<p>I will be giving a <a href=\"https:\/\/area41.io\/\" target=\"_blank\" rel=\"noopener noreferrer\">workshop on my as-yet-unreleased Burp Suite UploadScanner extension at the area41 conference in Zurich<\/a>. I&#8217;ve been developing it for more than a year and I&#8217;m really looking forward to releasing it after the workshop (it will be published on <a href=\"https:\/\/github.com\/modzero\/mod0BurpUploadScanner\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub<\/a>). It is used to test HTTP-based file upload functionality. The &#8220;presale&#8221; tickets are gone, but if you catch me at the conference in the morning you might be able to get one of the last seats.<\/p>\n<p>I&#8217;ve also released a <a href=\"https:\/\/github.com\/floyd-fuh\/TMSJSPGE\" target=\"_blank\" rel=\"noopener noreferrer\">Java security manager policy generator<\/a>, which is just a small hack, but at least it works. I&#8217;m currently doing research on Java fuzzing; more about that later this year.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A tweet by takesako containing a C\/C++\/Perl\/Ruby\/Python polyglot got me interested, so I created two follow-up polyglots based on his work and put them on GitHub. 
Recently I also evaluated the RIPS PHP scanner and I did that with some &hellip; <a href=\"https:\/\/www.floyd.ch\/?p=1074\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[207,203,204,201,205,200,208,206,202],"class_list":["post-1074","post","type-post","status-publish","format-standard","hentry","category-various","tag-area41","tag-java-security-manager","tag-java-security-policy","tag-php","tag-polyglot","tag-rips","tag-type-unsafe-comparison","tag-uploadscanner","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/1074","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1074"}],"version-history":[{"count":5,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/1074\/revisions"}],"predecessor-version":[{"id":1307,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/1074\/revisions\/1307"}],"wp:attachment":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1074"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1074"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1074"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
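The post mentions PHP type-unsafe comparisons and hashes of static strings without showing what goes wrong. The following is an added example, appended after the post record above; it is not code from the post, from RIPS, or from the linked password-protected plugin. The login check is a hypothetical one modelled on the loose-comparison pattern the post describes, and the stored hash and attacker input are constructed for the demo. It shows why comparing hash strings with `==` lets two different MD5 digests pass as equal ("magic hashes" of the form `0e<digits>`, which PHP compares as the float 0), and the strict `hash_equals()` form that fixes it.

```php
<?php
// Added example (not from the post, RIPS, or the linked plugin): why a loose
// == comparison of hash strings is an authentication bypass in PHP, and how
// to fix it. The login check is hypothetical; inputs are constructed.

// Two well-known "magic hash" preimages. Their MD5 digests are numeric
// strings of the form 0e<digits>; PHP's loose comparison parses both as
// the float 0 * 10^N == 0, so "0e462..." == "0e830..." evaluates to true
// (numeric string vs numeric string, still true on PHP 8).
const PREIMAGE_A = '240610708'; // md5 = 0e462097431906509019562988736854
const PREIMAGE_B = 'QNKCDZO';   // md5 = 0e830400451993494058024219903391

/**
 * Vulnerable: loose comparison. Two different digests that both look like
 * floating point literals compare equal although their bytes differ.
 */
function check_password_loose(string $stored_md5, string $candidate): bool
{
    return md5($candidate) == $stored_md5;
}

/**
 * Hardened: strict, constant-time comparison of the digest strings.
 * hash_equals() never type-juggles and does not leak timing information.
 * (In real code use password_hash()/password_verify() instead of raw MD5.)
 */
function check_password_strict(string $stored_md5, string $candidate): bool
{
    return hash_equals($stored_md5, md5($candidate));
}

// Demo: the "real" password is PREIMAGE_A, the attacker submits PREIMAGE_B.
$stored  = md5(PREIMAGE_A);
$attempt = PREIMAGE_B;

printf("stored digest  : %s\n", $stored);
printf("attempt digest : %s\n", md5($attempt));
printf("loose  ==      : %s\n", var_export(check_password_loose($stored, $attempt), true));
printf("hash_equals()  : %s\n", var_export(check_password_strict($stored, $attempt), true));

// The second pattern the post mentions, a hash over a constant, looks like
// the hypothetical backdoor below and is what a scanner check would flag:
//   if ($user === 'support' && md5($pass) == md5('letmein')) { grant_admin(); }
// A hash of a literal is never needed for legitimate verification; the
// digest would simply be stored instead of recomputed on every request.
```

Running the script with PHP 7 or 8 shows the loose check accepting the wrong password while `hash_equals()` rejects it. The same juggling applies wherever untrusted strings meet `==`: tokens, HMACs and password hashes must be compared with `===` or `hash_equals()`, and the latter is preferred because it also runs in constant time.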