Re: Web App Script Capture




Mike Duncan wrote:
> What you have to worry about in these situations is information
> disclosure. Using the path traversal, an attacker can fingerprint the
> OS, applications/daemons installed, and even the versions in some
> cases. Using this information, further attacks can be made on the system
> itself.


I know. In fact, with this particular app, I am able to upload arbitrary files
and get full system remote access with very little effort.

However, since it is an open source app, I took a "short cut" by looking at the
code to see how session cookies are created, so I can hijack sessions to upload
files. I would like to use this vulnerable app as a demo, but I can readily
anticipate the feedback of "you cheated. you could never do this with a closed
source app."

What I want to demonstrate is that once I have path traversal, I can steal just
about anything -- except for script source code. I haven't figured out a
work-around for that problem (stealing source code). Thus, my question.

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253






