Penetration Testing mailing list archives
Re: Web App Script Capture
From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 30 Sep 2009 10:40:49 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Duncan wrote:
What you have to worry about in these situations is information disclosure. Using the path traversal, an attacker can fingerprint the OS, applications/daemons installed, and even the versions in some cases. Using this information, further attacks can be made on the system itself.
I know. In fact, with this particular app, I am able to upload arbitrary files and get full system remote access with very little effort. However, since it is an open source app, I took a "short cut" by looking at the code to see how session cookies are created, so I can hijack sessions to upload files. I would like to use this vulnerable app as a demo, but I can readily anticipate the feedback of "you cheated. you could never do this with a closed source app." What I want to demonstrate is that once I have path traversal, I can steal just about anything -- except for script source code. I haven't figured out a work-around for that problem (stealing source code). Thus, my question. Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrDbfEACgkQUVxQRc85QlOUxACfaR7Ou0jHM02na9AeOGLaaIsr hQ8An1Fu5kKF2Ro9UYdxMErKoLu0DCgx =7/cy -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Web App Script Capture Jerome Athias (Oct 02)
- <Possible follow-ups>
- Re: Web App Script Capture Mike Duncan (Oct 02)
- Re: Web App Script Capture Jon Kibler (Oct 02)
- Re: Web App Script Capture Mike Duncan (Oct 02)
- Re: Web App Script Capture Anthony Cicalla (Oct 04)
- Re: Web App Script Capture arvind doraiswamy (Oct 04)
- Re: Web App Script Capture Jon Kibler (Oct 04)
- Re: Web App Script Capture Jerome Athias (Oct 05)
- Re: Web App Script Capture Jon Kibler (Oct 02)
- Re: Web App Script Capture Jerome Athias (Oct 04)
- Re: Web App Script Capture Zed Qyves (Oct 05)