Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: Pentesting Webserver

from [cwright] Network Security [Permanent Link]
Subject: Re: Re: Pentesting Webserver
Date: 30 Oct 2007 23:16:26 -0000 
If you can upload images, then you could try uploading scripts or other code. 
Vulnerable code may be used to have the mySQL server escalate you.

Poorly formated uploads could also be used to try a heap or stack attack.

Regards,
Craig Wright (GSE-Compliance)

---in reply to ---

I tried doing a few commands after I telneted to it but it required more 
rights. I the only venue of sucess I got so far was loging in to the admin 
management page of the site, which is where I was trying to see if I could get 
further.

Sent via BlackBerry from T-Mobile

-----Original Message-----

From: cwright (at) bdosyd.com (dot) au [email concealed]

Date: 29 Oct 2007 21:38:47

To:pen-test (at) securityfocus (dot) com [email concealed]

Subject: Re: Pentesting Webserver

Have you tested to see if the FTP server is allowing uploads? Is the upload 
directory shared if one exists? I would not bypass FTP so soon.

Don?t forget the 2001 Apache compromise?

See Hal Pomeranz?s PPT at 
http://www.baylisa.org/library/slides/2002/baylisa-oct02.pdf

Regards,

Craig Wright

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Medusa 1.4 Release, jmk
Next by Date:  Full Disclosure of Security Vulnerabilities, jfvanmeter
Previous by Thread:  Re: Pentesting Webserver, Arian Amador
Next by Thread:  Medusa 1.4 Release, jmk
Indexes:  [Date] [Thread] [Top] [All Lists]