Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: UPB: Discussion Board/Web-Site Takeover

from [rgod] Network Security [Permanent Link]
Subject: Re: UPB: Discussion Board/Web-Site Takeover
Date: 19 Jul 2005 05:41:18 -0000 
this is probably a hoax or an error, the system command is not executed, it's 
invisibile and inside the html... :) you can put a javascript instead and steal 
cookies. This is my proof of concept exploit:

http://www.rgod.altervista.org/upbgold196poc.php.txt

(if you have troubles with this script set allow_call_time_pass_reference = on
and register_globals = On)

otherwise you can make with telnet but in the user agent field you can make 
something like:

<script>alert(document.cookie)</script>

and when admin open ip log file the javascript will run in the security contest 
of his system...

however, you can craft some special urls, (look at this link: 
http://www.rgod.altervista.org/upbgold196xssurlspoc.txt ) to have same 
results...

sorry for my bad English

rgod

email: rgod@autistici.org
site: http://rgod@altervista.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: UPB: Discussion Board/Web-Site Takeover, rgod <=
Previous by Date:  Re: On classifying attacks, Technica Forensis
Next by Date:  Re: Anonymous Anonymity - Request For Comments, S_Dorn/CIB
Previous by Thread:  FreeBSD Security Advisory FreeBSD-SA-05:17.devfs, FreeBSD Security Advisories
Next by Thread:  SQL Injection in Chinese ASP Webcounter, r_i_t_b_15
Indexes:  [Date] [Thread] [Top] [All Lists]