Penetration Testing mailing list archives
Re: Web App Script Capture
From: Jerome Athias <jerome.athias () free fr>
Date: Mon, 05 Oct 2009 09:23:38 +0200
On Saturday, 03 October 2009 at 10:18 -0400, Jon Kibler wrote:
I was easily able to hijack the administrator's session because I could look at the source code to see how session management was done (badly!), and I was able to inject cookies to become administrator. At that point I owned the box.
What about cookie manipulation? You should be able to introduce some magic or voodoo art with it.

For example, you should read about the recent Wordpress flaws.
"It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies."
http://freshmeat.net/articles/debian-new-wordpress-packages-fix-several-vulnerabilities-3

Ref.: http://www.google.com/search?hl=en&q=whitepaper+cookies+manipulation

Good luck
/JA

I would just like to be able to somehow demonstrate stealing scripting source code on a remote box. I haven't worked out that problem yet. :-(

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler
My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253