Re: Web App Script Capture



arvind doraiswamy wrote:
> The application allowing you to upload a random file, of course is a
> problem. But wouldn't it need to get "run" somehow in the backend for
> you to get access? Or am I missing something?
>
> Cheers
> Arvind

By hijacking an administrator's session, I was able to add code to the site that
allowed me to upload and execute files.

I was easily able to hijack the administrator's session because I could look at
the source code to see how session management was done (badly!), and I was able
to inject cookies to become administrator. At that point I owned the box.

I would just like to be able to somehow demonstrate stealing scripting source
code on a remote box. I haven't worked out that problem yet. :-(

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

