SilverStripe: XSS in Redirection URL

SilverStripe advisory identifier: SS-2014-006
Versions Affected: 3.0.9, 3.1.3, and all previous versions.
Notified on: 2014-02-28

Attack Details

By crafting the value passed into Controller->redirect(), usually by setting the redirectURL GET parameter on a page that calls Controller->redirectBack(), an attacker can have that value output directly to the browser, allowing XSS, provided the page being requested has already sent output to the browser before the redirect call is made.

If the server has a large enough output buffer that the headers have not been sent to the browser by the time the redirect call is made, then this attack will not work.
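The two conditions above (output already flushed, so headers cannot be set, and an attacker-controlled redirectURL) are what a hardened redirect helper has to handle. The following is an added PHP example, not SilverStripe's own code; the function names isSafeLocalPath and safeRedirect are assumed for illustration:

```php
<?php
// Added example (not SilverStripe's code): a redirect helper that guards
// against the failure modes described in SS-2014-006.
// 1. If headers were already sent, a Location header cannot be set, so any
//    fallback that writes the URL into the page must HTML-escape it.
// 2. A redirectURL parameter should only ever be a local path, so absolute
//    or protocol-relative URLs are replaced by a safe fallback.

/**
 * Return true only for a root-relative, same-site path such as
 * "/admin/pages?x=1". Rejects scheme-qualified URLs, protocol-relative
 * "//host" URLs and control characters (CR/LF would allow header injection).
 */
function isSafeLocalPath(string $url): bool
{
    if ($url === '' || $url[0] !== '/') {
        return false;            // must start with a single "/"
    }
    if (isset($url[1]) && ($url[1] === '/' || $url[1] === '\\')) {
        return false;            // "//evil.example" is protocol-relative
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return false;            // control characters are never valid here
    }
    // parse_url() returns null for the host of a plain path, false on
    // malformed input; only the former is acceptable.
    return parse_url($url, PHP_URL_HOST) === null;
}

/**
 * Redirect to $url, or to $fallback if $url is not a safe local path.
 * When output has already been flushed, emit an escaped link instead of
 * echoing the raw value.
 */
function safeRedirect(string $url, string $fallback = '/'): void
{
    $target = isSafeLocalPath($url) ? $url : $fallback;
    if (!headers_sent()) {
        header('Location: ' . $target, true, 302);
        return;
    }
    // Headers are gone: the only option is an in-page link, so escape it.
    $escaped = htmlspecialchars($target, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    echo '<a href="' . $escaped . '">Continue</a>';
}

// Usage: validate the redirectURL parameter before acting on it.
safeRedirect($_GET['redirectURL'] ?? '/', '/');
```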

SilverStripe: Privileged User Arbitrary Class Creation

SilverStripe advisory identifier: SS-2014-005
Versions Affected: 3.0.9, 3.1.3, and all previous versions.
Notified on: 2014-02-26

Attack details

By changing the PageType value passed to CMSPageAddController, a user is able to create any arbitrary class. If this class is a DataObject, it is written to the database. This allows a user to create classes that they should not be able to.

As an extension of this, if the class in question has a writeWithoutVersion method – most commonly due to having the Versioned extension applied – then the user is able to set any fields that the class has in common with the fields presented in the CMSMain edit interface.

Facebook’s Hack for PHP

Hack is Facebook’s extension to PHP that makes it a much nicer language to work with. We’ve been using it at PocketRent since James discovered it and reverse-engineered how to use it from the HHVM source code. Since using it, writing vanilla PHP now feels wrong, like it’s missing these really useful, powerful features.

Facebook has just released the Hack documentation and tools that we have been using on some projects and our Hack-specific library Beatbox.

Hello

Yes, I am starting a third blog. I’m expecting this one to be a lot more code-focused than the other two. We’ll see how that goes.

Coding-wise, I’m currently working with Laravel, HHVM, BeatBox and SilverStripe, with a little iOS development on the side.

I can be found on App.net and Twitter as well as some other places, like IRC and via email.

I’m always on the lookout for things to write about, so if you have ideas let me know.