Penetration Testing mailing list archives
Re: Web App Script Capture
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Sat, 3 Oct 2009 19:16:58 +0530
The application allowing you to upload a random file, of course, is a problem. But wouldn't it need to get "run" somehow in the backend for you to get access? Or am I missing something?

Cheers
Arvind

On Wed, Sep 30, 2009 at 8:10 PM, Jon Kibler <Jon.Kibler () aset com> wrote:
> Mike Duncan wrote:
>> What you have to worry about in these situations is information disclosure. Using the path traversal, an attacker can fingerprint the OS, applications/daemons installed, and even the versions in some cases. Using this information, further attacks can be made on the system itself.
>
> I know. In fact, with this particular app, I am able to upload arbitrary files and get full system remote access with very little effort. However, since it is an open source app, I took a "short cut" by looking at the code to see how session cookies are created, so I can hijack sessions to upload files.
>
> I would like to use this vulnerable app as a demo, but I can readily anticipate the feedback of "You cheated. You could never do this with a closed source app." What I want to demonstrate is that once I have path traversal, I can steal just about anything -- except for script source code. I haven't figured out a work-around for that problem (stealing source code). Thus, my question.
>
> Jon
>
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214 c: 843-813-2924 s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
> My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
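The thread turns on two server-side checks: a file-serving endpoint that does not let a client path escape its directory (the path traversal Jon is using to read files), and an upload handler that never lets an uploaded file be "run" (Arvind's question). The following Python sketch is an added illustration, not code from the thread or from Jon's application; the directory layout, file names and secret are constructed for the demo.

```python
import secrets
import tempfile
from pathlib import Path, PurePosixPath
from typing import Dict, Optional

# Extensions the upload handler is willing to store (constructed whitelist).
ALLOWED_UPLOAD_EXT = {".png", ".jpg", ".pdf", ".txt"}


def resolve_under(base: Path, user_path: str) -> Optional[Path]:
    """Map a client-supplied path onto `base`. Normalise '..' and follow
    symlinks first, then refuse anything that ends up outside `base`.
    Returns None when the request must be rejected."""
    base = base.resolve()
    # An absolute user_path would replace `base` in the join; relative_to catches it.
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def plan_upload(client_name: str, webroot: Path, store: Path) -> Optional[Path]:
    """Decide where an upload may be written: only whitelisted extensions,
    a server-chosen on-disk name, and a store outside the web root so the
    file can never be requested (or executed) by URL."""
    ext = PurePosixPath(client_name).suffix.lower()  # "shell.php.png" -> ".png", ".htaccess" -> ""
    if ext not in ALLOWED_UPLOAD_EXT:
        return None
    webroot, store = webroot.resolve(), store.resolve()
    if store == webroot or webroot in store.parents:
        return None  # uploads directory lives under the web root: refuse
    return store / f"{secrets.token_hex(16)}{ext}"


def demo() -> Dict[str, Optional[Path]]:
    """Build a constructed layout in a temp dir and exercise both checks."""
    root = Path(tempfile.mkdtemp())
    webroot, store = root / "htdocs" / "files", root / "uploads"
    webroot.mkdir(parents=True)
    store.mkdir()
    (webroot / "report.txt").write_text("quarterly report")
    (root / "secret.conf").write_text("db_password=constructed-value")
    return {
        "normal": resolve_under(webroot, "report.txt"),
        "traversal": resolve_under(webroot, "../../secret.conf"),
        "absolute": resolve_under(webroot, str(root / "secret.conf")),
        "good_upload": plan_upload("photo.JPG", webroot, store),
        "script_upload": plan_upload("shell.php", webroot, store),
        "dotfile_upload": plan_upload(".htaccess", webroot, store),
        "store_in_webroot": plan_upload("photo.jpg", webroot, webroot / "up"),
    }
```

Because `resolve()` follows symlinks before the prefix check, a link planted inside the served directory that points outside it is rejected as well.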
Current thread:
- Re: Web App Script Capture Jerome Athias (Oct 02)
- <Possible follow-ups>
- Re: Web App Script Capture Mike Duncan (Oct 02)
- Re: Web App Script Capture Jon Kibler (Oct 02)
- Re: Web App Script Capture Mike Duncan (Oct 02)
- Re: Web App Script Capture Anthony Cicalla (Oct 04)
- Re: Web App Script Capture arvind doraiswamy (Oct 04)
- Re: Web App Script Capture Jon Kibler (Oct 04)
- Re: Web App Script Capture Jerome Athias (Oct 05)
- Re: Web App Script Capture Jon Kibler (Oct 02)
- Re: Web App Script Capture Jerome Athias (Oct 04)
- Re: Web App Script Capture Zed Qyves (Oct 05)