Penetration Testing mailing list archives

Re: Web App Script Capture


From: Jerome Athias <jerome.athias () free fr>
Date: Mon, 05 Oct 2009 09:23:38 +0200

On Saturday, 03 October 2009 at 10:18 -0400, Jon Kibler wrote:

I was easily able to hijack the administrator's session because I could look at
the source code to see how session management was done (badly!), and I was able
to inject cookies to become administrator. At that point I owned the box.

What about cookie manipulation?
You should be able to introduce some magic or voodoo art with it.
For example, you should read about the recent Wordpress flaws.
"It was discovered that wordpress relies on the REQUEST superglobal
array in certain dangerous situations, which makes it easier to perform
attacks via crafted cookies."
http://freshmeat.net/articles/debian-new-wordpress-packages-fix-several-vulnerabilities-3

Ref.: http://www.google.com/search?hl=en&q=whitepaper+cookies+manipulation

Good luck
/JA


I would just like to be able to somehow demonstrate stealing scripting source
code on a remote box. I haven't worked out that problem yet. :-(

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
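Jerome's point about WordPress reading parameters through the REQUEST superglobal, as an added illustration that is not code from the thread or from WordPress: a handler that takes a parameter from $_REQUEST cannot tell a cookie from a form field once PHP's request_order (or, when that is unset, variables_order) includes cookies, while the explicit form reads only $_POST and checks the session token. The handler names and the request values are constructed for the example.

```php
<?php
// Added example: why $_REQUEST lets a cookie stand in for a form field.
//
// PHP builds $_REQUEST from $_GET, $_POST and $_COOKIE in the order named by
// request_order; when request_order is unset, variables_order applies
// ("GPCS" in the stock php.ini, "EGPCS" built in). Registration runs left to
// right and later values override earlier ones, so with any order that
// contains "C" a cookie named 'action' overrides a form field of the same name.

// Hypothetical handler written the weak way: it has no idea which channel
// 'action' arrived on, so a cookie is as good as a submitted form.
function handle_weak(array $request): string
{
    $action = $request['action'] ?? 'none';
    return "weak handler ran: $action";
}

// Hardened form: read the parameter only from the channel the feature expects
// ($_POST for a state change) and require a token tied to the session.
function handle_strict(array $post, array $session): string
{
    if (!isset($post['action'], $post['token'], $session['token'])
        || !hash_equals($session['token'], $post['token'])) {
        return 'rejected';
    }
    return "strict handler ran: {$post['action']}";
}

// Constructed inputs for one request: a harmless form post plus a cookie
// that carries a different 'action'.
$get     = [];
$post    = ['action' => 'view', 'token' => 'abc'];
$cookie  = ['action' => 'delete_user'];
$session = ['token' => 'abc'];

// Simulate how PHP assembles $_REQUEST when request_order = "GPC":
// later arrays win, exactly as with array_merge().
$merged = array_merge($get, $post, $cookie);

echo handle_weak($merged), "\n";           // cookie value wins: delete_user
echo handle_strict($post, $session), "\n"; // form value used: view

// With request_order = "GP" the cookie never reaches $_REQUEST, but a code
// reviewer cannot rely on that ini setting being present on every deployment.
```

When reviewing PHP, treat every read of $_REQUEST as a finding to check against the server's request_order, and prefer the explicit superglobal regardless.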

