Re: Web App Script Capture

[Jon Kibler <Jon.Kibler () aset com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

arvind doraiswamy wrote:
> The application allowing you to upload a random file, ofcourse is a
> problem. but wouldn't it need to get "run" somehow in the backend for
> you to get access? Or am I missing something?
>
> Cheers
> Arvind

By hijacking an administrator's session, I was able to add code to the site that
allowed me to upload and execute files.

I was easily able to hijack the administrator's session because I could look at
the source code to see how session management was done (badly!), and I was able
to inject cookies to become administrator. At that point I owned the box.

I would just like to be able to somehow demonstrate stealing scripting source
code on a remote box. I haven't worked out that problem yet. :-(

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrHXTgACgkQUVxQRc85QlP6UACdFNzn8YqLmKJ1bmPhG9MaLosI
LWoAn2Oo8j2fLrGUeiMMRChjwKLve/8y
=eMTy
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------