Bugtraq mailing list archives
Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking
From: "Steven M. Christey" <coley () mitre org>
Date: Wed, 5 Apr 2006 01:23:24 -0400 (EDT)
Hello botan, I have some questions about this report.
Web: http://www.ahbruinsma.nl
This web site requires a login. Even the front page is not accessible.
FleXiBle Development (FXB)
Is this a product, service, or a single web site? There is very little information in Google.
//Defining some functions and including them require('php/messages.php'); //require base-file //require_once('php/base.php'); include_once "baseconfig.inc.php";
These require/include statements do not use any variables, so the paths cannot be controlled by a remote attacker.
http://www.site.com/[path]/evilcode.txt?&cmd=uname -a
How does this "evilcode.txt" get into FXB? Do you upload it? Or do you use directory traversal like ".." or "/abs/path"? Or do you do a remote file inclusion? Finally, your subject line says there is XSS, but your report does not say anything about XSS. Is there also an XSS problem here? Thank you, Steve
Current thread:
- FleXiBle Development Script Remote Command Exucetion And XSS Attacking botan (Apr 01)
- <Possible follow-ups>
- Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking Steven M. Christey (Apr 09)