Re: Web App Script Capture

arvind doraiswamy wrote:
The application allowing you to upload a random file, of course, is a
problem. But wouldn't it need to get "run" somehow in the backend for
you to get access? Or am I missing something?


By hijacking an administrator's session, I was able to add code to the site that
allowed me to upload and execute files.

I was easily able to hijack the administrator's session because I could look at
the source code to see how session management was done (badly!), and I was able
to inject cookies to become administrator. At that point I owned the box.

I would just like to be able to somehow demonstrate stealing scripting source
code on a remote box. I haven't worked out that problem yet. :-(

--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
