Re: Web App Script Capture

Hash: SHA1

arvind doraiswamy wrote:
The application allowing you to upload a random file, ofcourse is a
problem. but wouldn't it need to get "run" somehow in the backend for
you to get access? Or am I missing something?


By hijacking an administrator's session, I was able to add code to the site that
allowed me to upload and execute files.

I was easily able to hijack the administrator's session because I could look at
the source code to see how session management was done (badly!), and I was able
to inject cookies to become administrator. At that point I owned the box.

I would just like to be able to somehow demonstrate stealing scripting source
code on a remote box. I haven't worked out that problem yet. :-(

- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla -


Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.