Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

greensql firewall permanent xss

from [laurent . gaffie] Network Security [Permanent Link]
Subject: greensql firewall permanent xss
Date: 21 Sep 2007 19:24:11 -0000 
Site: http://greensql.net/
live-demo: http://demo.greensql.net/
Platform: alls
Bug: permanent xss
Special condition: none
Impact : semi-critical
-------------------------------------------------------

1) Introduction
2) Bug
3) Proof of concept
4) Credits
===========
1) Introduction
===========
GreenSQL is an Open Source database firewall used to protect databases from SQL 
injection attacks. GreenSQL works in a proxy mode and has built in support for 
MySQL. The logic is based on evaluation of SQL commands using a risk scoring 
matrix as well as blocking known db administrative commands (DROP, CREATE, etc).
======
2) Bug
======

permanent xss

=====
3)Proof of concept
=====
well the proof of concept can be anywhere , like a login form, an url value 
everythings is loggued in the green-sql
admin panel. the problem is because there's no filter , so the script logs your 
query in the database 
and then it's printed in the alert section . this can be pretty nastie ... you 
"protect" your script agains sql injection with a firewall , but you have a 
permanent xss in the panel . and actually only the admin see the logs .
so you know that the cookie is the good one !

an exemple can be given in the demo website :
http://www.greensql.net/sql-injection-test  fill login or password with 
<script>alert(document.cookie)</script>
then go in the admin panel :http://demo.greensql.net/   xss will be executed .



=====
5)Credits
=====

Laurent gaffie
contact : laurent.gaffie@gmail.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • greensql firewall permanent xss, laurent . gaffie <=
Previous by Date:  Re: [Full-disclosure] 0day: PDF pwns Windows, Kevin Finisterre (lists)
Next by Date:  [Full-disclosure] iDefense Security Advisory 09.20.07: CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability, iDefense Labs
Previous by Thread:  [Full-disclosure] DEFCON London DC4420 meet - Monday 24th September, Major Malfunction
Next by Thread:  [Full-disclosure] iDefense Security Advisory 09.20.07: CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]