Security Basics mailing list archives

Re: Strange found in apache error.log

From: arron () nynetworksecurity com
Date: 5 Dec 2005 18:49:40 -0000

Is it possable that there is a XSS flaw in a web app on that server?  If so, I've been able to, in the past, use XSS to 
pass SSI (some tweakin required [char esc seqs similar 2 recent sprintf perl vulns]) into dynamic processes.  This 
could, for example, allow the inclusion of /etc/passwd or the shadow file for cracking and then ssh'n.  Since I wasn't 
the admin of the machine I did it on (I had permission people) I'm not sure the resulting log entries.  Although 
description struck a cord with me.  One way or another, it sounds web app specific to me.

Godspeed,

Arron

Current thread:

Strange found in apache error.log kc (Dec 05)
- Re: Strange found in apache error.log ascii (Dec 05)
- Re: Strange found in apache error.log Security (Dec 05)
- Re: Strange found in apache error.log Gaddis, Jeremy L. (Dec 06)
- Root kits and host.deny Frynge.com Support (Dec 08)
  - Re: Root kits and host.deny Scott B (Dec 08)
  - Re: Root kits and host.deny Jeff Davis (Dec 08)
  - Re: Root kits and host.deny Edward Krack (Dec 12)
  - Re: Root kits and host.deny Gaddis, Jeremy L. (Dec 12)
    - Message not available
    - Re: Root kits and host.deny Gaddis, Jeremy L. (Dec 13)
- <Possible follow-ups>
- Re: Strange found in apache error.log arron (Dec 05)
- RE: Strange found in apache error.log Miguel Dilaj (Dec 06)