Re: Web App Script Capture

[Zed Qyves <zqyves.spamtrap () gmail com>]

hello,

as for the open source argument,  my answer would be that shit happens
, you play the cards you are dealt.

as for getting the source code: i am assuming 1) by "full system
remote access with very little effort" you mean command execution and
2) you cannot get source cause the server keeps enterpreting the
extension as executable and as such parsing it.
Have you tried copying the scripts to .txt and requesting that instead?

./Z

On 9/30/09, Jon Kibler <Jon.Kibler () aset com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mike Duncan wrote:
> > What you have to worry about in these situations is information
> > disclosure. Using the path traversal, an attacker can fingerprint the
> > OS, applications/daemons installed,  and even the versions in some
> > cases. Using this information, further attacks can be made on the system
> > itself.
>
> I know. In fact, with this particular app, I am able to upload arbitrary
> files
> and get full system remote access with very little effort.
>
> However, since it is an open source app, I took a "short cut" by looking at
> the
> code to see how session cookies are created, so I can hijack sessions to
> upload
> files. I would like to use this vulnerable app as a demo, but I can readily
> anticipate the feedback of "you cheated. you could never do this with a
> closed
> source app."
>
> What I want to demonstrate is that once I have path traversal, I can steal
> just
> about anything -- except for script source code. I haven't figured out a
> work-around for that problem (stealing source code). Thus, my question.
>
> Jon
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrDbfEACgkQUVxQRc85QlOUxACfaR7Ou0jHM02na9AeOGLaaIsr
> hQ8An1Fu5kKF2Ro9UYdxMErKoLu0DCgx
> =7/cy
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.


-- 
---------------------------------------------------------------------
Κρέων
ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek  Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------