Penetration Testing mailing list archives
Re: Web App Script Capture
From: Zed Qyves <zqyves.spamtrap () gmail com>
Date: Mon, 5 Oct 2009 10:57:47 +0300
Hello,

As for the open source argument, my answer would be that shit happens; you play the cards you are dealt.

As for getting the source code, I am assuming 1) by "full system remote access with very little effort" you mean command execution, and 2) you cannot get the source because the server keeps interpreting the extension as executable and as such parsing it. Have you tried copying the scripts to .txt and requesting that instead?

./Z

On 9/30/09, Jon Kibler <Jon.Kibler () aset com> wrote:
> Mike Duncan wrote:
>> What you have to worry about in these situations is information disclosure. Using the path traversal, an attacker can fingerprint the OS, applications/daemons installed, and even the versions in some cases. Using this information, further attacks can be made on the system itself.
>
> I know. In fact, with this particular app, I am able to upload arbitrary files and get full system remote access with very little effort. However, since it is an open source app, I took a "short cut" by looking at the code to see how session cookies are created, so I can hijack sessions to upload files.
>
> I would like to use this vulnerable app as a demo, but I can readily anticipate the feedback of "you cheated. you could never do this with a closed source app."
>
> What I want to demonstrate is that once I have path traversal, I can steal just about anything -- except for script source code. I haven't figured out a work-around for that problem (stealing source code).
>
> Thus, my question.
>
> Jon
>
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
--
Κρέων ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]

Creon: In this our land, so said he, those who seek
Shall find; unsought, we lose it utterly.
Oedipus Rex [110]
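The two defensive points in this thread are that a path traversal bug lets a request escape the document root, and that a copy of a server-side script with a non-executable extension (login.php.txt, login.php~) gets served as plain text, disclosing the source. The resolver below is an added example written for this archive page, not code from anyone in the thread: it resolves a URL path under a document root, rejects anything that lands outside it, and refuses to serve files that look like renamed copies of scripts. The directory layout, file names and the SCRIPT_EXTS/BACKUP_SUFFIXES lists are constructed for the demo.

```python
"""
Added example: safe static-file resolution for a web handler.
- Decodes the URL path once, collapses ".." and symlinks with resolve(),
  and checks that the result is still inside the document root.
- Refuses to serve a file whose name is a script name plus a backup or
  plain-text suffix, since a server would hand that out as source.
Everything here (paths, extensions, sample files) is constructed.
"""
from pathlib import Path
from urllib.parse import unquote
import tempfile

# Extensions the server would normally execute rather than serve.
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl", ".py"}
# Suffixes that turn a script into a plain file the server will serve.
BACKUP_SUFFIXES = (".txt", ".bak", ".old", ".orig", ".save", "~", ".swp")


def looks_like_script_copy(name: str) -> bool:
    """True for names such as login.php.txt or backup/login.php~."""
    low = name.lower()
    for suf in BACKUP_SUFFIXES:
        if low.endswith(suf):
            stem = low[: -len(suf)]
            if Path(stem).suffix in SCRIPT_EXTS:
                return True
    return False


def resolve_request(docroot: str, url_path: str):
    """Return (absolute Path or None, reason) for a requested URL path."""
    root = Path(docroot).resolve()
    # Decode exactly once; a server must not decode repeatedly, otherwise
    # double-encoded sequences sneak past the containment check.
    rel = unquote(url_path.split("?", 1)[0]).lstrip("/")
    if "\x00" in rel:
        return None, "null byte"
    target = (root / rel).resolve()
    # resolve() collapsed ".." and followed symlinks; now check containment
    # before touching the filesystem so "not found" cannot leak structure.
    try:
        target.relative_to(root)
    except ValueError:
        return None, "traversal"
    if looks_like_script_copy(target.name):
        return None, "script-source copy"
    if not target.is_file():
        return None, "not found"
    return target, "ok"


def demo():
    """Build a constructed docroot and classify a few requests."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "htdocs"
        (root / "backup").mkdir(parents=True)
        (root / "index.html").write_text("<h1>constructed page</h1>")
        (root / "login.php").write_text("<?php /* constructed */ ?>")
        (root / "login.php.txt").write_text("<?php /* copied source */ ?>")
        (root / "backup" / "login.php~").write_text("<?php /* editor copy */ ?>")
        cases = [
            "/index.html",
            "/../../etc/passwd",
            "/%2e%2e/%2e%2e/etc/passwd",
            "/login.php.txt",
            "/backup/login.php~",
            "/missing.html",
        ]
        return {p: resolve_request(str(root), p)[1] for p in cases}


if __name__ == "__main__":
    for path, reason in demo().items():
        print(f"{path:30s} -> {reason}")
```

The containment check is deliberately done on the fully resolved path rather than by scanning for ".." substrings, so encoded dots, mixed separators and symlinks inside the root are all handled by the same rule. The script-copy check is a name-based guard; a stricter deployment serves only an explicit allow-list of extensions, which covers the same disclosure without maintaining a suffix list.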