|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
From: Dan B UK (dan-fd
f-box.org)
Date: Mon Jan 30 2006 - 18:50:05 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi zeus,
Did you even look at the source code for this script. If you had then
you would see that in the case of register_global's being turned on
there is a bigger issue to worry about; Remote/Local File Inclusion -
Server side.
I have just managed to examine the source code on a few servers in under
10 minutes; from start to finish.
(I know that cookie stealing is an issue; and evil JavaScript can do a
lot. But if you can alter the server files then there is an even greater
issue!)
Due to the nature of the issue I am not disclosing the detail of it
until the writer of the software has updated it; maybe you could have
waited??
A vulnerability that allows privileges of the apache user within the
limitations of how much PHP has been locked down.
Cheers,
Dan.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]