
Jul 8, 2014

Vulnerability Disclosure for Node.js Applications - CashCube and WEPL

This post is about two Server Side JS injection vulnerabilities that I found in CashCube, a Node.js application for personal money management, and in WEPL, a Node.js-based REPL.

In CashCube, the vulnerability is due to unsanitized input being passed to eval, which lets an attacker run arbitrary commands on the server. This can lead to the server being shut down or even to files being deleted from the server's filesystem. The details of the disclosure are on the GitHub issue.

In WEPL, the vulnerability has a similar cause, involving the methodBody query parameter of the HTTP request. The parameter is passed directly to the eval function on the server side, making command injection possible. The details of the disclosure are on the GitHub issue.
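The pattern behind both reports, as an added example that is not code from CashCube, WEPL or the linked issues: a handler that hands a request parameter straight to eval, next to a hardened replacement. It assumes the eval call was a shortcut for evaluating a user-supplied expression (the actual application code is in the GitHub issues); the function names and the arithmetic-only grammar are my choices for illustration.

```javascript
// Added example (not code from CashCube or WEPL). The assumption that eval was
// used to evaluate a user-supplied expression string is mine.

// Vulnerable pattern: the client-controlled string is executed as JavaScript
// with the full privileges of the server process, so "arbitrary commands"
// really means anything the Node.js process can do.
function unsafeEvaluate(input) {
  return eval(input); // runs arbitrary code, not just arithmetic
}

// Hardened replacement: parse the input with a grammar that only admits
// decimal numbers, + - * / and parentheses. No JavaScript is ever executed
// on the client's behalf; anything outside the grammar is rejected.
function tokenize(src) {
  const tokens = [];
  let rest = src;
  while (rest.trim().length > 0) {
    const m = /^\s*(?:(\d+(?:\.\d+)?)|([-+*/()]))/.exec(rest);
    if (!m) {
      throw new Error('rejected: unexpected input near ' +
        JSON.stringify(rest.trim().slice(0, 10)));
    }
    tokens.push(m[1] !== undefined
      ? { type: 'num', value: Number(m[1]) }
      : { type: 'op', value: m[2] });
    rest = rest.slice(m[0].length);
  }
  return tokens;
}

function safeEvaluate(input) {
  if (typeof input !== 'string' || input.length > 256) {
    throw new Error('rejected: expression must be a short string');
  }
  const tokens = tokenize(input);
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];
  const isOp = (t, ...ops) => t && t.type === 'op' && ops.includes(t.value);

  // expr := term (('+' | '-') term)*
  function parseExpr() {
    let value = parseTerm();
    while (isOp(peek(), '+', '-')) {
      const op = next().value;
      const rhs = parseTerm();
      value = op === '+' ? value + rhs : value - rhs;
    }
    return value;
  }
  // term := factor (('*' | '/') factor)*
  function parseTerm() {
    let value = parseFactor();
    while (isOp(peek(), '*', '/')) {
      const op = next().value;
      const rhs = parseFactor();
      value = op === '*' ? value * rhs : value / rhs;
    }
    return value;
  }
  // factor := number | '-' factor | '(' expr ')'
  function parseFactor() {
    const t = next();
    if (!t) throw new Error('rejected: unexpected end of expression');
    if (t.type === 'num') return t.value;
    if (t.value === '-') return -parseFactor();
    if (t.value === '(') {
      const value = parseExpr();
      if (!isOp(next(), ')')) throw new Error('rejected: missing )');
      return value;
    }
    throw new Error('rejected: unexpected token ' + t.value);
  }

  const result = parseExpr();
  if (pos !== tokens.length) throw new Error('rejected: trailing input');
  if (!Number.isFinite(result)) throw new Error('rejected: non-finite result');
  return result;
}

// Handler-shaped wrapper: a rejected expression is answered with 400 and never
// reaches any evaluator. `query` stands for the parsed query string, e.g. the
// result of `new URL(req.url, base).searchParams` in a real server.
function handleExpressionQuery(query) {
  try {
    return { status: 200, body: String(safeEvaluate(query.expr)) };
  } catch (err) {
    return { status: 400, body: err.message };
  }
}
```

Both evaluators agree on `2 + 3 * 4`; the difference is that `unsafeEvaluate('[1,2,3].length')` happily returns 3, because it will run any JavaScript, while `safeEvaluate` rejects the same string at the first `[`. Wiring the hardened version into a real server is then a matter of calling `handleExpressionQuery` from the route that previously reached eval.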

Jan 22, 2014

Executing OCaml Programs in Eclipse with OcaIDE

This blog post explains how to use OcaIDE to build and run your OCaml programs. Assuming that you have installed OCaml, Eclipse and the OcaIDE plugin, the first step is to set the correct path to the OCaml installation directory in the OcaIDE plugin configuration, as shown in the screenshots below.



Once the path to the OCaml directory is set in Eclipse, you can create a new OCaml project. The easiest way is to use the "OCaml Empty Makefile Project" type from the New Project menu in Eclipse.



After creating a new project (say "lab03"), right-click it in the Navigator view and click Import to add the assignment files to the new project.


Choose File System in the Import menu, browse to the files downloaded from IVLE on your disk, and check the ones to be added to this project.



Once you have added the files, you can write a Makefile to build them. Right-click the project and click New File, as shown below.


Give the new file the name "Makefile", without any spaces or extension, and enter the following text in it. The whitespace at the start of the line after "all:" is a tab, not a series of spaces. For more help with writing a Makefile, see the tutorial.


Once the Makefile is in your project, right-click it and select "Make Project". This builds the corresponding executable (lab03.exe here). If you get errors, make sure you gave the right path to the GNU Make installation on your system in the first step (e.g. C:\cygwin\bin\make.exe).


To run the executable, right-click it and choose Run As > "Ocaml Executable", as follows.


You should see some output in the console window. If you did not find an "Ocaml Executable" configuration in the previous step, click the "Run Configurations..." menu item to create a new launch configuration.


Enter the name of the project and choose the executable file to define a new launch configuration, as shown above. Once you have added the new configuration, click Apply and run it. It should now execute, with output in the console window.