I have found a few vulnerability’s in over the last few months which I will be posting here over the next few days. In all cases I have tried to contact the application developer and have included any information regarding in the advisory. Most of them have been cookie related vulnerability’s.

First up is Arcade Trade Script v1.0. Insecure cookie handling allows anyone to simply create a custom cookie with the values below. This will allow full access to the admin panel of the ATS application.

Name – adminLoggedIn
Content – true
Path – /

You can create the cookie by running the following:

javascript:document.cookie =”adminLoggedIn=true; path=/”

The full advisory can be found Here.

These are the backup scripts that I used to back up any Linux servers to my local machine. First thing that you should do is set-up the SSH keys so you can connect to your local machine without the need of a password.

On the Remote host you need to generate the keys with the following command:

ssh-keygen -t rsa

When you are asked for a pass phrase just hit enter twice. Now you should copy the key you have just generated over to your local machine:

scp .ssh/id_rsa.pub username@host:.ssh/authorized_keys2

Just replace the username with the local machine user and the host with the IP Address or hostname of the local machine. After the key has copied over you should now be able to connect from the remote host to the local machine without entering a password.

Now for setting up the backup script

Read more →

This has happened to me in the past when you connect to a SSH server and the initial connection is really slow, it can be really annoying. After trying a few different things and after looking at debug information I found that the following solution worked for me.

Edit /etc/ssh/ssh_config on the local machine and make sure the option “GSSAPIAuthentication” is set to no.

Hopefully that will help a few people!