Found a LiveJournal redirect exploit

If you’re a user of LiveJournal, or receive any correspondence from someone associated with the site, you may be vulnerable to inadvertently clicking a link that appears to reside on the www.livejournal.com domain. The exploit involves a specific URL format that will redirect the victim to a site/file of the malicious user’s choosing. While the exploit itself is simple in nature, its effects could potentially be very harmful.

The exploit involves using part of a LiveJournal URL:
http://www.livejournal.com/misc/get_domain_session.bml?return=*insert your own URL here*

By entering any URL of your choosing at the end, you can creatively disguise a malicious site or even a “gag” link into the URL.

Exploited URL:
http://www.livejournal.com/misc/get_domain_session.bml?return=*insert your own URL here*

If you replace the *insert your own URL here* part with the URL of your choosing, you will see that by visiting the newly-formed URL, it will redirect to the site you entered.
Pretty crazy huh?

Here’s an example:
http://www.livejournal.com/misc/get_domain_session.bml?return=http://stateofidleness.com

While it looks like you’d be going to a page on the www.livejournal.com site, it would actually redirect you to my home page. There’s nothing stopping someone from placing a malicious website or even a link to a self-extracting zip file. Once the victim clicks the link, they might end up somewhere they don’t want to be, or find themselves downloading a file without even knowing it!

For what it’s worth, I’ve already let the LiveJournal team know and they are working on a fix as we speak! (their support is really outstanding!)

That’s my interesting find for the day!
Comments welcome.

Scraper – Custom .Net Class for HTML/WebBrowser Document scraping and automation


Scraper – Custom .Net Class for HTML/WebBrowser Document scraping and automation

Hey All,
Noticed a lot of threads on forums lately asking how to “find hyperlinks” or “click a form button on a web page”. I’ve been working on a Class to make this easier for not only myself, but hopefully others as well. While it’s still very humble in it’s functionality at the moment, I’m continuing to add to it to increase functionality and ease of use.

I’m very open to suggestions on speed increases, efficiency increases or any other comments you may have.

This is something I use all the time and I know it saves me a lot of time. Hopefully others can benefit from it as well.

Screenshot of it in use and Source code (also .vb file) below:

Scraper In Action

Download the .vb Class File: Scraper.zip | Scraper Demo

”’

”’ Scrape Class: This class allows easy scraping of Web pages and allows interaction with buttons and inputs.
”’ Coded by: Steve Hanz of www.stateofidleness.com
”’ Date: 12-17-2010
”’

”’ Free to use for private or commercial use. I wouldn’t turn down a link to my site though *wink*
Public Class Scraper

”’

”’ Returns a List(Of String) containing the elements it found based on the parameter filters
”’

”’ A WebBrowser Object to search ”’ The element tag to search for (“input”, “a”, “img” etc) ”’ The element attribute to filter by (“class”, “name”, “id”, etc) ”’ The text to filter results by ”’ Returns only the attribute text for the supplied attribute ”’ Boolean indicating whether to also return the InnerText of each element ”’ Returns a List(Of String) containing the elements it found based on the parameter filters
”’
Public Function ListElements( _
ByVal wb As WebBrowser, _
ByVal element As String, _
Optional ByVal AttributeFilter As String = “id”, _
Optional ByVal TextFilter As String = Nothing, _
Optional ByVal ReturnedAttributeFilter As String = Nothing, _
Optional ByVal ReturnInnerText As Boolean = False) As List(Of String)

Dim ScrapedData As New List(Of String)
Dim theElementCollection As HtmlElementCollection = wb.Document.GetElementsByTagName(element)
For Each curElement As HtmlElement In theElementCollection
If String.IsNullOrEmpty(TextFilter) Then ‘No specific filter to search for
If String.IsNullOrEmpty(ReturnedAttributeFilter) Then
ScrapedData.Add(curElement.OuterHtml) ‘Give them everything
If ReturnInnerText Then
If String.IsNullOrEmpty(curElement.InnerText) Then
ScrapedData.Add(“BLANK”)
Else
ScrapedData.Add(curElement.InnerText) ‘Give them the actual text if they wanted it
End If
End If

Else
If Not String.IsNullOrEmpty(curElement.GetAttribute(ReturnedAttributeFilter)) Then
ScrapedData.Add(curElement.GetAttribute(ReturnedAttributeFilter)) ‘Give them the attribute they requested
End If
End If
ElseIf curElement.GetAttribute(AttributeFilter).ToLower.Contains(TextFilter) Then ‘Searching for something specific
ScrapedData.Add(curElement.OuterHtml) ‘Give them everything that matches
If ReturnInnerText Then
If String.IsNullOrEmpty(curElement.InnerText) Then
ScrapedData.Add(“BLANK”)
Else
ScrapedData.Add(curElement.InnerText) ‘Give them the actual text if they wanted it
End If
End If
End If
Next
Return ScrapedData
End Function

”’

”’ Returns a Boolean indicating whether or not a keyword, or keywords was found in the current URL’s Document text.
”’

”’ A WebBrowser Object to search ”’ A List(Of String) of keyword(s) to search for in the current Document ”’ Returns a Boolean indicating whether or not a keyword, or keywords was found in the current URL’s Document text.
”’
Public Function FindKeywords( _
ByVal wb As WebBrowser, _
ByVal Keywords As List(Of String)) As Boolean

Dim WasFound As Boolean = False
Dim theElementCollection As HtmlElementCollection = wb.Document.Body.GetElementsByTagName(“p”)
For Each curElement As HtmlElement In theElementCollection
For Each item In Keywords
If Not String.IsNullOrEmpty(curElement.OuterText) Then
If curElement.OuterHtml.Contains(item) Then
WasFound = True
Return WasFound
Exit For
End If
End If
Next
Next
Return WasFound
End Function

”’

”’ Set the text of an Input element in the current document.
”’

”’ A WebBrowser object to search ”’ The ID or Name of the element to alter ”’ The new value to set for the element ”’
Public Sub SetInputText( _
ByVal wb As WebBrowser, _
ByVal InputNameOrID As String, _
ByVal Value As String)

Dim theElementCollection As HtmlElementCollection = wb.Document.All
For Each curElement As HtmlElement In theElementCollection
If curElement.GetAttribute(“id”) = InputNameOrID Or curElement.GetAttribute(“name”) = InputNameOrID Then
curElement.SetAttribute(“value”, Value)
End If
Next

End Sub

”’

”’ Set the text of a Textarea element in the current document.
”’

”’ A WebBrowser object to search ”’ The ID or Name of the element to alter ”’ The new value to set for the element ”’
Public Sub SetTextareaText( _
ByVal wb As WebBrowser, _
ByVal InputNameOrID As String, _
ByVal Value As String)

Dim theElementCollection As HtmlElementCollection = wb.Document.All
For Each curElement As HtmlElement In theElementCollection
If curElement.GetAttribute(“id”) = InputNameOrID Or curElement.GetAttribute(“name”) = InputNameOrID Then
curElement.InnerText = Value
End If
Next

End Sub

”’

”’ Invoke action on a Button element in the current document.
”’

”’ A WebBrowser object to search ”’ The ID or Name of the element to alter ”’ The event to trigger ”’ EventToTrigger examples: “click”, “onfocus”, “onclick”, etc
Public Sub ClickButton( _
ByVal wb As WebBrowser, _
ByVal InputNameOrID As String, _
ByVal EventToTrigger As String)

Dim theElementCollection As HtmlElementCollection = wb.Document.GetElementsByTagName(“input”)
For Each curElement As HtmlElement In theElementCollection
If curElement.GetAttribute(“id”) = InputNameOrID Or curElement.GetAttribute(“name”) = InputNameOrID Then
curElement.InvokeMember(EventToTrigger)
End If
Next

End Sub

End Class


Comments Welcome.

PathManipulate – A custom .Net Class for displaying long file paths in different formats


Here is a Class that can be used to display long filepaths in different formats depending on your needs. You can specify a desired length, the location of ellipses, and whether the filename is always displayed. It can also be used to return only the filename (with extension) when passed a full path.

Updates will be made to it as they’re available.

Hope someone finds it useful. Any efficiencies that can be made, let me know!

PathManipulate Screenshot

Download the .vb file: PathManipulate.vb (Right click and “Save Target As”)

Source Code:

”’

”’ Class allows the formatting of filepaths for displaying in different formats. All methods return a String object. ”’

Public Class PathManipulate

”’

”’ Returns the folder path that the supplied full filenpath resides in. Includes trailing ‘\’ ”’

Public Function ShowDirectory(ByVal LongPath As String)
Dim FilePath As String
‘START AT BEGINNING OF FULL PATH AND END AT THE LAST OCCURRENCE OF ‘\’
FilePath = LongPath.Substring(0, LongPath.LastIndexOf(“\”) + 1)

Return FilePath
End Function

”’

”’ Returns only the filename (with extension) of the supplied filepath. Removes leading ‘\’. ”’

Public Function ShowFilenameOnly(ByVal LongPath As String)
Dim FileName As String
FileName = LongPath.Substring(LongPath.LastIndexOf(“\”) + 1, LongPath.Length – LongPath.LastIndexOf(“\”) – 1)

Return FileName
End Function

”’

”’ Returns filepath shortened with ellipses in the middle. ”’

Public Function ShrinkLongFilepath(ByVal LongPath As String) As String
Dim ReturnPath, StartPath, FileName As String
FileName = LongPath.Substring(LongPath.LastIndexOf(“\”) + 1, LongPath.Length – LongPath.LastIndexOf(“\”) – 1)

‘ELLIPSES WILL BE IN THE MIDDLE
StartPath = LongPath.Substring(0, LongPath.Length – LongPath.LastIndexOf(“\”) – 3)
ReturnPath = StartPath & “…\” & FileName

Return ReturnPath
End Function

”’

”’ Returns filepath shortened to desired length, if supplied, with ellipses in middle unless overridden with parameter. ”’

Public Function ShrinkLongFilepath(ByVal LongPath As String, ByVal EllipsesAtEnd As Boolean, Optional ByVal DesiredLength As Integer = 15, Optional ByVal AlwaysDisplayFilename As Boolean = False) As String
Dim ReturnPath, StartPath, EndPath, FileName As String

‘DESIRED LENGTH MUST BE AT LEAST 15
If DesiredLength < 15 Then DesiredLength = 15 End If 'STRIPS ONLY THE FILENAME FileName = LongPath.Substring(LongPath.LastIndexOf("\"), LongPath.Length - LongPath.LastIndexOf("\")) If AlwaysDisplayFilename Then If FileName.Length + 3 < DesiredLength Then 'ELLIPSES WILL BE IN THE MIDDLE StartPath = LongPath.Substring(0, (DesiredLength / 2) - 3) EndPath = LongPath.Substring(StartPath.Length, DesiredLength - StartPath.Length) ReturnPath = StartPath &amp; "..." &amp; FileName Else ReturnPath = "..." &amp; FileName End If Else If EllipsesAtEnd Then 'IF ELLIPSES AT END OF FILEPATH ReturnPath = LongPath.Substring(0, DesiredLength - 3) ReturnPath &amp;= "..." Else 'ELLIPSES WILL BE IN THE MIDDLE If LongPath.Length < DesiredLength Then StartPath = LongPath.Substring(0, LongPath.IndexOf("\") + 1) EndPath = LongPath.Substring(StartPath.Length + 3, LongPath.Length - (StartPath.Length + 3)) ReturnPath = StartPath &amp; "..." &amp; EndPath Else StartPath = LongPath.Substring(0, LongPath.IndexOf("\") + 1) EndPath = LongPath.Substring(StartPath.Length + 3, DesiredLength - (StartPath.Length + 3)) ReturnPath = StartPath &amp; "..." &amp; EndPath End If End If End If Return ReturnPath End Function End Class [/code] Some sample usage: [code lang="vb.net"] Dim pm As New PathManipulate 'Create and instantiate a new PathManipulate Object Dim di As New DirectoryInfo(folderpath) 'A full folderpath, possibly from a FolderBrowserDialog Dim myFiles As FileInfo() = di.GetFiles("*.*") Dim fi As FileInfo For Each fi In myFiles ListBox1.Items.Add(fi.FullName) 'Shows unaltered full path ListBox2.Items.Add(pm.ShowDirectory(fi.FullName)) 'Adds manipulated path Next 'Quick usage. Takes a full path and shrinks it. pm.ShrinkLongFilepath(fi.FullName) 'Shrinks to 40 characters with ellipses in the middle. pm.ShrinkLongFilepath(fi.FullName, False, 40, False) 'Returns the full directory path for the supplied file. pm.ShowDirectory(fi.FullName) 'Shows filenames regardless of desired length. pm.ShrinkLongFilepath(fi.FullName, False, 20, True) 'Shrink to 20 characters with ellipses at the end. pm.ShrinkLongFilepath(fi.FullName, True, 20, False) [/code]
Comments welcome.

VB.Net Error: A generic error occurred in GDI+


If you’ve ever encountered the “A generic error occurred in GDI+” error, it may have resulted in the pulling of hair, throwing of blunt objects or the creation of new swear words!

I recently faced this problem in a small app I did, and after hours of scouring Google, I couldn’t find a definitive answer…

System.Runtime.InteropServices.ExternalException: A generic error occurred in GDI+.
   at System.Drawing.Image.Save(String filename, ImageCodecInfo encoder, EncoderParameters encoderParams)
   at System.Drawing.Image.Save(String filename, ImageFormat format)
   at System.Drawing.Image.Save(String filename)

For reference, here is the code I was using:

Private Sub CreateScreenshot()
     Dim img As New Bitmap(Me.Width, Me.Height)
     Dim gr As Graphics = Graphics.FromImage(img)   
     gr.CopyFromScreen(New Point(Me.Left, Me.Top), New Point(0, 0), img.Size)
     Dim newimg As Bitmap
     img.Save(Environment.SpecialFolder.MyDocuments &amp; "\alarm.png", ImageFormat.Png)
End Sub

Can you spot the mistake?

Now, most online “fixes” tell you it’s a permissions issue or a “locked” file issue. I knew it wasn’t a permissions issue, as it’s “My Documents” (it has the word “My” in the folder for cryin’ out loud!), and I knew it wasn’t a “locked” issue because I wasn’t reading in an Image file.

So, after some time on the throne (this is where most of my solutions are devised), I thought, “maybe I need to verify the path I’m trying to save to actually exists.”

I don’t use the Environment.SpecialFolder shortcuts very often, so I’ll chalk it up to that, but with a bit of debugging (read: a Messagebox echoing my .Save path), I found out that I need to enclose the Environment.SpecialFolder.MyDocuments call in another Method that actually returns the desired path. This method is System.Environment.GetFolderPath.

After changing my .Save line to:

img.Save(System.Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) &amp;amp;amp; "\alarm.png", ImageFormat.Png)

it all worked without error!

So… if you’re struggling with this error and you’ve verified it’s not a permissions issue or the “file being in use” issue, you might just double-check to make sure you’re saving to a “real” filepath!

Comments welcome.

Tutorial: Reading and Writing to text file in VB.Net


Long overdue for another VB tutorial! So for all 4 of my faithful viewers, here is one of the most asked questions on coding forums, “How do I read from a text file in VB.Net?”. Let’s go over the simple task of reading and writing to a text file. You know the drill… Grab your favorite caffeinated beverage, put on some music (tonight is Sinatra’s greatest hits) and fire up Visual Studio. Here we go!

We’ll be using the StreamWriter and StreamReader Classes of the System.IO namespace to write and read, respectively. Double-click your blank form to add the default event and take you to code view. Let’s start by adding our import statement to the project:

Imports System.IO

That’ll save us some typing later on. We’ll start with reading from a file (could be a txt, an ini, or any other flat file). I’m gonna hit you with all the code for reading and then we’ll break it down:

Private Function ReadFile(ByVal myFile As String)
    Dim strContents As String
    Dim sr As StreamReader
    sr = New StreamReader(myFile)
    strContents = sr.ReadToEnd()
    sr.Close()
    Return strContents
End Function

So what I’ve done here is created a Function called ReadFile that accepts a String argument which we’ll use to pass in a file path to the file we’re going to read. We’ll be able to call it throughout our application any time we need to read the contents of any file. It will return a String value, strContents, which holds the contents of the file after it has been read. This will be the job of strContents as well. After that, the last thing we need before we get to the meat of the function is to declare and instantiate a StreamReader object which is going to expect 1 parameter, the argument we passed to the function.

The following lines are for declaring and instantiating the “holder” string and the StreamReader object. You can see how I’ve used the name of the argument for the parameter of the StreamReader:

Dim strContents As String
Dim sr As StreamReader
sr = New StreamReader(myFile)

Now the good stuff… and it’s only a one-liner! To read in the entire contents of the file and store it in our String object, all we need to do is call the ReadToEnd() method of the StreamReader object we created. You thought there’d be more to it? Well… there isn’t… “But I only got a few sips into my caffeinated beverage of choice and we’re almost done?”, you might be saying. I’m a heart-breaker.

Now all that’s left is the “garbage collection” aspect. Always remember to close your StreamReader by calling its Close() method once you’re done reading the contents.

You’ll want to enclose the call to the function inside a Try/Catch block just in case an error is thrown, such as bad file name, missing file, etc:

Try
     ReadFile(&amp;amp;amp;amp;quot;C:\TextFileReadingTutorial.txt&amp;amp;amp;amp;quot;)
Catch ex as Exception
     'Something broke. Capture the error!
End Try

Some additional things to note when dealing with files. This tutorial covers reading the entire contents of a file at one time. It is also possible to read a file one line at a time using the ReadLine() method. By placing it within a loop, you can read all the lines and store them in an array, a List, or whatever you like.

In the next post, we’ll go over how to write to a file. Bottom’s up!

Comments welcome.

Download: Lookout Keylogger (Updated)


Had some interest in the Lookout keylogger application recently, so thought it would be a good time to provide an updated release. This one does a more thorough exception handling job, as well as provides an option to enable or disable error messages (to stay in stealth mode). Adds itself to the Startup folder so that it runs on startup (hidden).

If the free keylogger application helped at all and you feel like contributing to my caffeine addiction, feel free to drop me a few cents.
[paypal-donation]

Download LookoutDownload the Project Files Download LookoutDownload Setup Files

Download: TTFix – ttfpatch GUI Supplement


Tonight I finished putting together a GUI front-end for a font tool my buddy is using. This free tool, ttfpatch (http://www.derwok.de/downloads/ttfpatch/), originally coded by Wolfram Eßer is a command-line tool for editing True Type Font attributes. My buddy also wanted the ability to make changes to an entire directory of fonts (he had something like 1,200 fonts! yikes!) that he needed to edit.

So I set to work…

In an effort to not re-invent the wheel, I simply built a GUI front-end that makes a call to Wolfram’s original application behind the scenes. I added options for bulk changes as well.

I’d like to thank Wolfram for his original code offering and want to be clear that I only created the GUI front-end. Let me know what you think, and as always, if it helps you out or you have any comments, feel free to write!

TTFix - True Type Font Attribute Editor with GUI Front-end

Download TTFixDownload Standalone Application

Please read
Windows 7 UAC will prompt to run as Administrator.


Originally coded by Wolfram Eßer : Visit his site

Download: Big Digital Clock

At work the other day, I was in need of an application that could display the time and date very large for a “Kiosk” type display at the front of a large room. I perused the net for a web page that had the current time and date on it, thinking I could just increase the font size of the web page, but this proved to be a waste of time.

I then googled “big free clock” and first link up took me to:
http://www.contactplus.com/products/freestuff/bigfreeclock.htm

Now we’re getting somewhere! I got it all installed and worked great! As soon as I was ready to call it a day, the bossman says, “Can you put the day of the week on there?”…. I now had two choices, hit the web again, or code one myself. I figured choosing the latter would give me more flexibility and to be honest, would be quicker than trying to find something freeware that fit our needs.

So, building on the work of the author of “Big Free Clock”, I bring you “Big Digital Clock”.

Some features I have implemented are:
2 color schemes for now (Black on White, White on Black)
Automatic screen width fit
Docking to top of screen
Automatic Font sizing
12Hr and 24Hr display format
Displays Day of Week, Month, Day and Year
Transparent Background
Toggle Border On/Off
Drag without Border

I figured I would make it freely available as the other author did, in the hopes that someone else might find it useful.

I don’t foresee any future “updates”, but if there’s any requests, I may be able to implement them fairly easily. Thanks for looking! Feedback always welcome.

Big Digital Clock

Download Big Digital ClockDownload Big Digital Clock 1.0 Download Big Digital ClockDownload Big Digital Clock Setup Files