11th May 2009
SecuriTeam has an old, but still very useful article on SQL injection.
I’ve created a PDF of that article, containing some of the comments (all the ‘thank-you’ and ‘help-me-hack’ comments were removed): sql injection walkthrough pdf download.
Note: there were no specific license terms attached to the article; I believe that the word “free” on the SecuriTeam site logo refers to the “right of free use and copying”. If you know this is not the case, please let me know and I will remove this PDF from public access. (see Brian’s comment)
Posted in how-to, Links, Software, Web | 3 Comments »
4th May 2009
Today I had a task of displaying random node in a Views-generated sidebar block.
This is how to do that in Drupal 7 (Views 3):
- edit the view which makes the block available (follow http://your.site/admin/build/views/viewname/edit)
- in the Sort Criteria section (under Filter), look for and add Global:Random.
This is how to do that in Drupal 6 (Views 2):
- edit the view which makes the block available (follow http://your.site/admin/build/views/viewname/edit)
- in the Sort Criteria section, add the Random criterion.
It can’t be simpler than that.
Posted in Drupal, Notepad, Software | 13 Comments »
21st April 2009
After trying several tools of the kind, I found CHXO email address to image converter a reliable and working one.
It supports transparent PNGs, and just works. Also, it comes with the complete PHP source, so it looks like you can embed it into your own web applications. (As it is GPLed, I’ve saved a copy for myself.)
For Gmailers, there’s a nicer generator.
If you’d like to convert larger amounts of text to images, then use hidetext.net:

Posted in Links, Software, Web | No Comments »
21st April 2009
The following sites are available:
http://bacteria.ensembl.org
http://protists.ensembl.org
http://metazoa.ensembl.org
During summer, two more sites – for Fungi and Plants – should be made available.
Learn more about the Ensembl Genomes project.
Posted in Bioinformatics, Links, Science, Software, Web | No Comments »
13th February 2009
Since some WP release, the comment author’s link in comments is broken – it has ‘ external nofollow’ attached straight to the href attribute (which breaks the link).
I assume that the problem is caused by Google Analytics, namely the “track outgoing clicks” feature (the feature name is from memory and might be inaccurate). “Track outgoing links” adds some JavaScript code to all outgoing links, and that script has tick characters like this one ‘, which, incidentally, are also used for delimiting the values of comment anchor tags.
To fix:
Posted in CMS, how-to, PHP, Programming, Software, Web | 2 Comments »
28th January 2009
favicon.cc has cool real-time previews and allows creating animated favicons.
Posted in Links, Notepad, Software, Web | 2 Comments »
26th January 2009
Yesterday I had a look at mod.email.php – the Email module of ExpressionEngine CMS.
It appears that it is very easy to use ExpressionEngine’s contact form (which uses the Email module) to send emails to arbitrary addresses – simply put, to send spam using someone’s EE.
And here’s why:
- the recipients hidden field is passed to the client; it is encrypted, but with access to the mod.email.php code it takes only a few minutes to write an email-encoding function that produces a completely valid recipients field
- there is also an XID field, which seems to be unique for each page load
The spamming algorithm is clear, so I won’t elaborate. (I may have missed some session variables, though; I didn’t check them.)
This information is valid as of ExpressionEngine 1.6.6, but nothing in the changelogs indicates that this mechanism was modified in the newer versions of EE.
Update: I’ve tested, and this vulnerability does exist. The simplest prevention measure is to enable Captcha for the contact form.
I’ve notified the developers.
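The underlying problem is that an encoding whose algorithm ships in the source is not authentication. As an added illustration (not ExpressionEngine’s own code), here is the shape of a fix: keep the recipient list server-side where possible, and otherwise bind it to the visitor’s one-time nonce (the role the XID field plays) with a keyed MAC whose secret never reaches the client, then re-check the result against the addresses the site owner actually configured. The secret, addresses and nonce values below are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed example secret. In a real deployment this lives in server-side
# configuration and is never part of the PHP or JavaScript shipped to the
# client, which is what makes the token unforgeable even with public source.
SERVER_SECRET = b"example-secret-not-in-client-reachable-code"
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def issue_recipients_token(recipients, session_nonce):
    """Called when the form is rendered: bind the recipient list to this
    visitor's one-time nonce and authenticate both with an HMAC."""
    payload = json.dumps({"to": recipients, "xid": session_nonce},
                         sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()


def verify_recipients_token(token, session_nonce, allowed_recipients):
    """Called on submit. Returns the recipient list, or None if the token was
    altered, built without the secret, replayed from another session, or
    names an address the site owner never configured."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    data = json.loads(payload)
    if not hmac.compare_digest(data["xid"].encode(), session_nonce.encode()):
        return None  # valid token, but from a different page load
    # Defence in depth: even a genuine token may only name configured addresses.
    if not data["to"] or any(r not in allowed_recipients for r in data["to"]):
        return None
    return data["to"]


def altered_recipients_token(token, new_recipients):
    """Test helper: re-encode the payload with other recipients while keeping
    the old MAC. An unkeyed encoding cannot tell this from the original; the
    keyed verifier above rejects it."""
    raw = base64.urlsafe_b64decode(token.encode())
    data = json.loads(raw[:-MAC_LEN])
    data["to"] = new_recipients
    payload = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload + raw[-MAC_LEN:]).decode()
```

Enabling Captcha, as the post recommends, still belongs in front of this: the token stops recipient forgery, while Captcha limits how often the legitimate recipients can be hit.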
Posted in CMS, PHP, Programming, Software, Web | 1 Comment »