Penetration Testing mailing list archives
Re: Web App Script Capture
From: Jon Kibler <Jon.Kibler () aset com>
Date: Sat, 03 Oct 2009 10:18:32 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 arvind doraiswamy wrote:
The application allowing you to upload a random file, ofcourse is a problem. but wouldn't it need to get "run" somehow in the backend for you to get access? Or am I missing something? Cheers Arvind
By hijacking an administrator's session, I was able to add code to the site that allowed me to upload and execute files. I was easily able to hijack the administrator's session because I could look at the source code to see how session management was done (badly!), and I was able to inject cookies to become administrator. At that point I owned the box. I would just like to be able to somehow demonstrate stealing scripting source code on a remote box. I haven't worked out that problem yet. :-( Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrHXTgACgkQUVxQRc85QlP6UACdFNzn8YqLmKJ1bmPhG9MaLosI LWoAn2Oo8j2fLrGUeiMMRChjwKLve/8y =eMTy -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Web App Script Capture Jerome Athias (Oct 02)
- <Possible follow-ups>
- Re: Web App Script Capture Mike Duncan (Oct 02)
- Re: Web App Script Capture Jon Kibler (Oct 02)
- Re: Web App Script Capture Mike Duncan (Oct 02)
- Re: Web App Script Capture Anthony Cicalla (Oct 04)
- Re: Web App Script Capture arvind doraiswamy (Oct 04)
- Re: Web App Script Capture Jon Kibler (Oct 04)
- Re: Web App Script Capture Jerome Athias (Oct 05)
- Re: Web App Script Capture Jon Kibler (Oct 02)
- Re: Web App Script Capture Jerome Athias (Oct 04)
- Re: Web App Script Capture Zed Qyves (Oct 05)