From: Arta (artathe-group.org)
Date: Mon Mar 18 2002 - 03:35:08 CST

    You can also execute arbitrary commands as the user that runs php/apache if
    the author of the script does anything like this:

    <?php
    include $somevariable.".inc";
    ?>

    You could then craft a URL to include a txt file containing PHP code from
    another server - then, using popen and exec and system, etc., you can get it
    to do just about anything. If a MySQL connection was opened before the above
    line you could steal their entire database. There was a bug like this in
    PHPNuke a while back.

    Harry

    ----- Original Message -----
    From: "Matt Priestley" <mpriestmicrosoft.com>
    To: <vuln-devsecurityfocus.com>
    Sent: Saturday, March 16, 2002 9:47 PM
    Subject: RE: CSS implication

    Here are some of the things my security team has observed with relation to
    cross-site scripting:

    * as you said, persistent cookie theft
    * "session theft" where you act in the context of a privileged user
    * as you said, running script or objects
    * SQL injection attacking the back end logic
    * likewise, XML injection
    * changing page banners or other decorations in deceptive ways
    * DoS attacks on the underlying system error logs
    * causing a trusted page to display a link to an untrusted page

    -----Original Message-----
    From: zero [mailto:zeroboyarrakis.es]
    Sent: Saturday, March 16, 2002 5:39 AM
    To: vuln-devsecurityfocus.com
    Subject: CSS implication

    Hi all,
    I'm working on a CSS paper, and I was wondering, what are the real
    implications of a CSS attack? When some site is vuln to a CSS problem,
    you're able to execute code on the web. I've thought about the implications
    of this. First of all:
             - You can steal cookies from users
             - You can send bogus links faking the original site: i.e.
    http://site/vuln.php?query=>...(faking vuln.php)...</script>
             - You can download & launch ActiveX (possible to download and
    execute trojans?)

    Any more dangerous implications?

    mailto:zeroboyarrakis.es
    http://www.podergeek.com
    http://www.citfi.org
    **************************************************
    "The further backward you look, the further forward you can see" Winston
    Churchill
      "To win, there are people who must lose"
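
Added example, not part of the original thread: the `include $somevariable.".inc";` pattern from the reply at the top, replaced by a resolver that only ever includes allowlisted files under a fixed directory. The function name `resolve_include`, the page names and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not code from the thread. Names and inputs are hypothetical.

/**
 * Map a request-supplied page name to a file inside $baseDir, or return null.
 * The name is matched against the allowlist before it is used in any path.
 */
function resolve_include(string $name, array $allowed, string $baseDir): ?string
{
    // 1. Exact match against a fixed allowlist: URLs, "../" and empty names fail here.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: the resolved file must exist and live under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.inc');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temp directory holding one legitimate include file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'news.inc', '<?php echo "news page\n";');

$allowed = ['news', 'about'];   // 'about' is allowlisted but missing on disk
$inputs  = ['news', 'about', 'http://other.example/code.txt', '../../etc/passwd', ''];
foreach ($inputs as $in) {
    $path = resolve_include($in, $allowed, $dir);
    printf("%-35s => %s\n", var_export($in, true), $path === null ? 'rejected' : 'include');
    if ($path !== null) {
        include $path;          // only reached for files that passed both checks
    }
}

// Clean up the constructed demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'news.inc');
rmdir($dir);
```

Setting `allow_url_include = Off` (the default since PHP 5.2) blocks the remote-URL case on its own, but not local path traversal, so the allowlist is still needed.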