Penetration Testing mailing list archives

Re: Web App Script Capture

From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 30 Sep 2009 10:40:49 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Duncan wrote:

What you have to worry about in these situations is information
disclosure. Using the path traversal, an attacker can fingerprint the
OS, applications/daemons installed,  and even the versions in some
cases. Using this information, further attacks can be made on the system
itself.


I know. In fact, with this particular app, I am able to upload arbitrary files
and get full system remote access with very little effort.

However, since it is an open source app, I took a "short cut" by looking at the
code to see how session cookies are created, so I can hijack sessions to upload
files. I would like to use this vulnerable app as a demo, but I can readily
anticipate the feedback of "you cheated. you could never do this with a closed
source app."

What I want to demonstrate is that once I have path traversal, I can steal just
about anything -- except for script source code. I haven't figured out a
work-around for that problem (stealing source code). Thus, my question.

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrDbfEACgkQUVxQRc85QlOUxACfaR7Ou0jHM02na9AeOGLaaIsr
hQ8An1Fu5kKF2Ro9UYdxMErKoLu0DCgx
=7/cy
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Re: Web App Script Capture Jerome Athias (Oct 02)
- <Possible follow-ups>
- Re: Web App Script Capture Mike Duncan (Oct 02)
  - Re: Web App Script Capture Jon Kibler (Oct 02)
    - Re: Web App Script Capture Mike Duncan (Oct 02)
    - Re: Web App Script Capture Anthony Cicalla (Oct 04)
    - Re: Web App Script Capture arvind doraiswamy (Oct 04)
    - Re: Web App Script Capture Jon Kibler (Oct 04)
    - Re: Web App Script Capture Jerome Athias (Oct 05)
    - Re: Web App Script Capture Jerome Athias (Oct 04)
    - Re: Web App Script Capture Zed Qyves (Oct 05)