All posts in Coding Corner

The original post appeared here:

http://sqlblog.com/blogs/adam_machanic/archive/2009/04/28/sqlclr-string-splitting-part-2-even-faster-even-more-scalable.aspx

Please visit the original website for more discussion, this is for reference purpose only.

 

using System;
using System.Collections;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;

public partial class UserDefinedFunctions
{
[Microsoft.SqlServer.Server.SqlFunction(
FillRowMethodName = "FillRow_Multi",
TableDefinition = "item nvarchar(4000)"
)
]
public static IEnumerator SplitString_Multi(
[SqlFacet(MaxSize = -1)]
SqlChars Input,
[SqlFacet(MaxSize = 255)]
SqlChars Delimiter
)
{
return (
(Input.IsNull || Delimiter.IsNull) ?
new SplitStringMulti(new char[0], new char[0]) :
new SplitStringMulti(Input.Value, Delimiter.Value));
}

public static void FillRow_Multi(object obj, out SqlString item)
{
item = new SqlString((string)obj);
}

public class SplitStringMulti : IEnumerator
{
public SplitStringMulti(char[] TheString, char[] Delimiter)
{
theString = TheString;
stringLen = TheString.Length;
delimiter = Delimiter;
delimiterLen = (byte)(Delimiter.Length);
isSingleCharDelim = (delimiterLen == 1);

lastPos = 0;
nextPos = delimiterLen * -1;
}

#region IEnumerator Members

public object Current
{
get
{
return new string(theString, lastPos, nextPos - lastPos);
}
}

public bool MoveNext()
{
if (nextPos >= stringLen)
return false;
else
{
lastPos = nextPos + delimiterLen;

for (int i = lastPos; i < stringLen; i++)
{
bool matches = true;

//Optimize for single-character delimiters
if (isSingleCharDelim)
{
if (theString[i] != delimiter[0])
matches = false;
}
else
{
for (byte j = 0; j < delimiterLen; j++)
{
if (((i + j) >= stringLen) || (theString[i + j] != delimiter[j]))
{
matches = false;
break;
}
}
}

if (matches)
{
nextPos = i;

//Deal with consecutive delimiters
if ((nextPos - lastPos) > 0)
return true;
else
{
i += (delimiterLen-1);
lastPos += delimiterLen;
}
}
}

lastPos = nextPos + delimiterLen;
nextPos = stringLen;

if ((nextPos - lastPos) > 0)
return true;
else
return false;
}
}

public void Reset()
{
lastPos = 0;
nextPos = delimiterLen * -1;
}

#endregion

private int lastPos;
private int nextPos;

private readonly char[] theString;
private readonly char[] delimiter;
private readonly int stringLen;
private readonly byte delimiterLen;
private readonly bool isSingleCharDelim;
}
};

Well, Most of the times I see hundreds of projects in a single repo. Now, if I don’t want to download a GB of code and then eventually use just 20mb of it. How is it fare?

So I wanted to create a downloader for it. Turns out I’m a little too late. There are already a couple of options which work flawlessly.

Go ahead and give it a try!

 


Git doesn’t support this, but Github does via SVN. If you checkout your code with subversion, Github will essentially convert the repo from git to subversion on the backend, then serve up the requested directory.

Here’s how you can use this feature to download a specific folder. I’ll use the popular javascript librarylodash as an example.

  1. Get the repo URL. First, copy the URL of the Github repo to your clipboard. github repo URL example
  2. Modify the URL for subversion. I want to download the folder at /docs from the masterbranch, so I will append trunk/docs. Full URL is now https://github.com/lodash/lodash/trunk/docs. See my note below for a more in-depth explanation of why we must use this URL format.
  3. Download the folder. Go to the command line and grab the folder with SVN. svn checkout https://github.com/lodash/lodash/trunk/docs

You might not see any activity immediately because Github takes up to 30 seconds to convert larger repositories, so be patient.

Full URL format explanation:

  • If you’re interested in master branch, use trunk instead. So the full path is trunk/foldername
  • If you’re interested in foo branch, use branch/branchname instead. The full path looks like branch/branchname/foldername
  • Protip: You can use svn ls to see available tags and branches before downloading if you wish

That’s all! Github supports more subversion features as well, including support for committing and pushing changes.

 

 

Found this interesting article on http://www.dotnet-tricks.com/Tutorial/webapi/Y95G050413-Difference-between-ASP.NET-MVC-and-ASP.NET-Web-API.html

Most people tend to think MVC and web api are the same thing. Well not really!

 

While developing your web application using MVC, many developers got confused when to use Web API, since MVC framework can also return JSON data by using JsonResult and can also handle simple AJAX requests. In previous article, I have explained the Difference between WCF and Web API and WCF REST and Web Service and when to use Web API over others services. In this article, you will learn when to use Web API with MVC.

Asp.Net Web API VS Asp.Net MVC

  1. Asp.Net MVC is used to create web applications that returns both views and data but Asp.Net Web API is used to create full blown HTTP services with easy and simple way that returns only data not view.
  2. Web API helps to build REST-ful services over the .NET Framework and it also support content-negotiation(it’s about deciding the best response format data that could be acceptable by the client. it could be JSON,XML,ATOM or other formatted data), self hosting which are not in MVC.
  3. Web API also takes care of returning data in particular format like JSON,XML or any other based upon the Accept header in the request and you don’t worry about that. MVC only return data in JSON format using JsonResult.
  4. In Web API the request are mapped to the actions based on HTTP verbs but in MVC it is mapped to actions name.
  5. Asp.Net Web API is new framework and part of the core ASP.NET framework. The model binding, filters, routing and others MVC features exist in Web API are different from MVC and exists in the new System.Web.Httpassembly. In MVC, these featues exist with in System.Web.Mvc. Hence Web API can also be used with Asp.Net and as a stand alone service layer.
  6. You can mix Web API and MVC controller in a single project to handle advanced AJAX requests which may return data in JSON, XML or any others format and building a full blown HTTP service. Typically, this will be called Web API self hosting.
  7. When you have mixed MVC and Web API controller and you want to implement the authorization then you have to create two filters one for MVC and another for Web API since boths are different.
  8. Moreover, Web API is light weight architecture and except the web application it can also be used with smart phone apps.
What do you think?

This post is copied from:

https://wiremask.eu/writeups/reverse-shell-on-a-nodejs-application/

As the site is down right now, i just thought it should be replicated at another source.

 

Reverse shell on a Node.js application

How we obtained a Javascript reverse shell by exploiting a vulnerability on a Node.js application during a security assessment.

Introduction

We were tasked by a small web developer team to perform a security assessment of their mobile app backend which is a REST API.

The architecture is rather simple there is only three Linux servers.

  • Node.js
  • MongoDB
  • Redis

First we performed a few arbitrary tests without access to the source code and we discovered that a few unexpected input at some endpoints would crash the backend application.
We also noticed that the redis server was accessible from the WAN without authentication.

Our next step was to review the Node.js API code and understand the crashes.

Simplified vulnerable application

We created this small Node.js application with the vulnerable function if you want to try to exploit it yourself.
This Node.js web server will wait for a query such as http://target.tld//?name=do* and search for animal names matching that query.

The vulnerability

After a few minutes of analyzing the buggy endpoints in the code we noticed a bad practice issue that could lead to remote code execution.
The stringToRegexp function is evaluating user input to create a RegExp object and use it to find elements in an array.

We can insert our own Javascript code in the output variable and execute it.
The stringToRegexp function will escape some characters and the output value will be evaluated.

Visiting the address below will print a message on the server terminal.
http://target.tld/?name=["./;require('util').log('Owned');//*"]

From there it would be nice to execute code to have an interactive shell such as /bin/sh.

The Node.js reverse shell

The Javascript code below is a Node.js reverse shell.
The payload will spawn a /bin/sh shell, create a TCP connection to the attacker and attach the shell standard streams to it.

To execute the payload gracefully we used a little trick, we encoded our reverse shell payload to hexadecimal and used the Node.js Buffer object to decode it.
http://target.tld/?name=["./;eval(new Buffer('PAYLOAD', 'hex').toString());//*"]

Conclusion

It’s highly recommended to avoid using the eval function in a Javascript project.
The fix was rather simple, they started using using the RegExp object directly.