Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking

["Steven M. Christey" <coley () mitre org>]

Hello botan,

I have some questions about this report.

> Web: http://www.ahbruinsma.nl

This web site requires a login.  Even the front page is not
accessible.

> FleXiBle Development (FXB)

Is this a product, service, or a single web site?  There is very
little information in Google.

> //Defining some functions and including them
> require('php/messages.php');
> //require base-file
> //require_once('php/base.php');
> include_once "baseconfig.inc.php";

These require/include statements do not use any variables, so the
paths cannot be controlled by a remote attacker.

> http://www.site.com/[path]/evilcode.txt?&cmd=uname -a

How does this "evilcode.txt" get into FXB?  Do you upload it?  Or do
you use directory traversal like ".." or "/abs/path"?  Or do you do a
remote file inclusion?

Finally, your subject line says there is XSS, but your report does not
say anything about XSS.  Is there also an XSS problem here?

Thank you,
Steve