nDarkness

Tag: Software

Microsoft Exchange Recovery Mode and How to Fix it

by on Nov.06, 2009, under Windows

I had a user this week that was experiencing trouble with Outlook. Every time they opened the program they received a prompt similar to the one below.

    Exchange is currently in recovery mode. You can either connect to your Exchange server using the network, work offline, or cancel this logon.

Not only was the prompt annoying, the shared calendar and contacts crashed the program whenever you tried to access them.

After doing some digging I found a solution that fixed the problem.

  1. Start Outlook and select Connect.
  2. On the Tools menu, click E-mail Accounts.
  3. Click View or change existing e-mail accounts, and then click Next.
  4. Click the Microsoft Exchange Server account, and then click Change.
  5. Click More Settings, and then click Advanced.
  6. Clear the Use Cached Exchange Mode check box, and then click Apply.
  7. Instead of exiting Outlook at this point click Offline Folder File Settings, and then click Disable Offline Use.
  8. Click Yes to the prompt, OK, Next, and Finish.
  9. Close Outlook and start it again.
  10. Repeat steps 1-5.
  11. Now reselect the Use Cached Exchange Mode check box, exit, and then restart Outlook.

That's it. Outlook will no longer give the prompt and everything will be back to normal.


WordPress – DM Albums Version 2.0 Critical Vulnerability

by on Oct.21, 2009, under Computer Security, Privacy

The latest version of DM Albums was released on 10/21/2009 to all WordPress users, and it contains a serious flaw that can allow an attacker to remotely delete any file or folder they wish. The author has been notified of the problem and I have listed a workaround below to prevent directory traversal.

After upgrading to the latest version of DM Albums I was playing with the new features and noticed the function to delete albums. I dug into the code located at wp-content/plugins/dm-albums/wp-dm-albums-ajax.php and found that there is no check to see if someone has used directory traversal. This means that anyone can delete files or directories outside of the upload directory.

Example:

    http://someblogsite/wp-content/plugins/dm-albums/wp-dm-albums-ajax.php?delete_album=../../../public_html

The vulnerable section that allows this to take place is:

    if(isset($_GET["delete_album"]) && !empty($_GET["delete_album"]) && strlen($_GET["delete_album"]) > 0)
    {
        //delete the album directory
        dm_get_album_delete($DM_UPLOAD_DIRECTORY . $_GET["delete_album"]);
    }

In this code there is no check to see what is contained in the GET variable and you don’t even need to be logged in to delete files.

Below is a quick and dirty workaround to prevent the problem, and I would suspect there will be more checks to ensure that user input is sanitized in the near future. This workaround will not prevent malicious users from deleting your albums, but it will keep folders outside of the upload directory safe.

    if(isset($_GET["delete_album"]) && !empty($_GET["delete_album"]) && strlen($_GET["delete_album"]) > 0)
    {
        //remove the / character from user input
        $_GET["delete_album"] = str_replace("/", "", $_GET["delete_album"]);

        //delete the album directory
        dm_get_album_delete($DM_UPLOAD_DIRECTORY . $_GET["delete_album"]);
    }
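
A stricter form of this check, as an added example that is not the plugin's own code or the fix shipped by its author: the hypothetical helper `resolve_album_dir()` accepts only a single-segment album name and confirms with `realpath()` that the resolved directory is a direct child of the upload directory. The directory names in the demo are constructed.

```php
<?php
// Added example: containment check for a user-supplied album name.
// resolve_album_dir() is a hypothetical helper, not part of DM Albums.

function resolve_album_dir(string $uploadDir, string $name): ?string
{
    // Accept a single path segment only: no separators, no NUL, no "." or "..".
    if ($name === '' || $name === '.' || $name === '..'
        || strpbrk($name, "/\\\0") !== false) {
        return null;
    }

    $base = realpath($uploadDir);
    if ($base === false) {
        return null;
    }

    // realpath() resolves symlinks and returns false for missing paths.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_dir($target)) {
        return null;
    }

    // The resolved target must be a direct child of the upload directory.
    if (dirname($target) !== $base) {
        return null;
    }
    return $target;
}

// Constructed demo: a temporary upload directory with one album and a sibling.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dm_demo_' . uniqid();
mkdir($root . '/uploads/holiday', 0700, true);
mkdir($root . '/public_html', 0700, true);

$samples = ['holiday', '../public_html', '..', '..\\public_html', 'missing', ''];
foreach ($samples as $sample) {
    $resolved = resolve_album_dir($root . '/uploads', $sample);
    printf("%-18s => %s\n", var_export($sample, true),
        $resolved === null ? 'rejected' : 'allowed');
}

// Clean up the constructed directories.
rmdir($root . '/uploads/holiday');
rmdir($root . '/uploads');
rmdir($root . '/public_html');
rmdir($root);
```

In the handler, `dm_get_album_delete()` would be called only when the helper returns a path; the missing login check noted above is a separate fix.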

Once I hear back from the author I will update this post to let everyone know the outcome.

Update: A new release, v2.0.1, with the above-mentioned workaround has been released. We should also expect to see another update in the next few days that will employ more security checks and some upgrades for WordPress multi-user environments as well.


Quickly Rename Folders and Files in Windows for Free

by on Oct.13, 2009, under Utilities, Windows

Have you ever needed to rename a bulk quantity of files and/or folders? In my day to day life, I use template folder structures to contain various aspects of job information. Before these folders are usable, I must add a unique job name to the beginning of the folder and/or file name to make searching easier. This renaming task can quickly become very tedious and time consuming.

Thanks to Denis Kozlov over at [den4b] there is a solution that saves loads of time and effort. The program is called ReNamer, and it allows us to select a list of files and/or folders and perform various renaming operations on them.

Since the task at hand is to work on already designed folder structures, all I need to do is find a method that does the job and save the preset for the different types of folder structures. I chose to use a delete rule to remove the generic job name and then an insert rule to insert a unique job name.

After going through a few short test runs, I came up with a working solution that I was able to save, customize and slightly change to suit other needs.

If you have similar renaming needs, check out this program and I’m sure you will agree it is definitely worth your time.
