Re: UPB: Discussion Board/Web-Site Takeover

rgod_at_autistici.org
Date: 07/19/05

Next message: John Richard Moser: "Re: Installation of software, and security. . ."

Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-05:17.devfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 19 Jul 2005 05:41:18 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is) this is probably a hoax or an error, the system command is not executed, it's invisibile and inside the html... :) you can put a javascript instead and steal cookies. This is my proof of concept exploit:

http://www.rgod.altervista.org/upbgold196poc.php.txt

(if you have troubles with this script set allow_call_time_pass_reference = on
and register_globals = On)

otherwise you can make with telnet but in the user agent field you can make something like:

and when admin open ip log file the javascript will run in the security contest of his system...

however, you can craft some special urls, (look at this link: http://www.rgod.altervista.org/upbgold196xssurlspoc.txt ) to have same results...

sorry for my bad English

rgod

email: rgod@autistici.org
site: http://rgod@altervista.org

Next message: John Richard Moser: "Re: Installation of software, and security. . ."

Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-05:17.devfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]