Re: Re: Pentesting Webserver

---

• From: cwright@xxxxxxxxxxxxx
• Date: 30 Oct 2007 23:16:26 -0000

---

If you can upload images, then you could try uploading scripts or other code. Vulnerable code may be used to have the mySQL server escalate you.

Poorly formated uploads could also be used to try a heap or stack attack.

Regards,
Craig Wright (GSE-Compliance)

---in reply to ---

I tried doing a few commands after I telneted to it but it required more rights. I the only venue of sucess I got so far was loging in to the admin management page of the site, which is where I was trying to see if I could get further.

Sent via BlackBerry from T-Mobile

-----Original Message-----

From: cwright (at) bdosyd.com (dot) au [email concealed]

Date: 29 Oct 2007 21:38:47

To:pen-test (at) securityfocus (dot) com [email concealed]

Subject: Re: Pentesting Webserver

Have you tested to see if the FTP server is allowing uploads? Is the upload directory shared if one exists? I would not bypass FTP so soon.

Don?t forget the 2001 Apache compromise?

See Hal Pomeranz?s PPT at http://www.baylisa.org/library/slides/2002/baylisa-oct02.pdf

Regards,

Craig Wright

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

---

• Prev by Date: Medusa 1.4 Release
• Next by Date: Full Disclosure of Security Vulnerabilities
• Previous by thread: Re: Pentesting Webserver
• Next by thread: Medusa 1.4 Release
• Index(es):
  • Date
  • Thread

---

Relevant Pages PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution ... vulnerable code in auth.inc.php at lines 22-26: ... if magic_quotes_gpc is off you can bypass admin login check, poc: ... you can upload a cmd.php.menu file with this code inside: ... so you can launch commands: ... (Bugtraq) Re: tried everything- cannot publish to web ... the path to the FTP server correctly, ... firewall, and/or a third party firewall included in a antivirus suite, or a ... looking at the instructions from Yahoo about how to upload your site, ... how to use their control panel to upload your files. ... (microsoft.public.publisher.webdesign) Re: probls with file upload script... pls help ... upload files to an FTP server. ... the user is on the Web server where he accesses the upload page. ... Upload_Click runs VB.NET script that calls clsFTP ... FTP client to upload a file to an HTTP web application. ... (microsoft.public.dotnet.framework.aspnet) Re: IIS 6 FTP problem ... Why there is port 20, if my FTP server runs on default port 21? ... > and I assumed you got the 'succesful upload' msgs when uploading at local ... > Bernard Cheah ... (microsoft.public.inetserver.iis.ftp) Re: connect to FTP server ... That's why I suggested that you *do* specify it. ... asp.net faq: http://asp.net.do/faq/ ... I'd *never* upload files to that directory. ... I'm logged into the FTP server to see if my file is ... (microsoft.public.dotnet.framework.aspnet)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2007-10