Network Security: Detailed info on Exploits from command line?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Exploits from command line?

from [Benjamin Livshits] Network Security

[Permanent Link]

Subject:	Exploits from command line?
Date:	Tue, 18 Jan 2005 12:49:47 -0800

I've come upon some cases in large Web-base applications where the
errors such SQL injection and XSS are found in codes that are not
accessible by Web users. For instance, some applications include a few
sloppily written maintenance programs that are invoked from the command
line as well as Ant tasks that are supposed to be invoked by the
application administrator.

On the surface, these errors are probably pretty irrelevant, as an
attacker that has the permissions to run the application from the
command line is already in some sense in the system and can cause more
damage elsewhere. Is this the right assessment or are there situations
where the ability to perform SQL injections from the command line is in
fact somehow dangerous?

Thanks,
-Ben

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Is this expoitable via sql injection?, Nils Gundelach Re: Is this expoitable via sql injection?, Rogan Dawes Re: Is this expoitable via sql injection?, Nils Gundelach Exploits from command line?, Benjamin Livshits <= Re: Exploits from command line?, Antoine Martin

Previous by Date:	RE: (secure email) Proposal to anti-phishing, Evans, Arian
Next by Date:	Re: as security pro's, how do you use the web now?, ACMurray
Previous by Thread:	Re: Is this expoitable via sql injection?, Nils Gundelach
Next by Thread:	Re: Exploits from command line?, Antoine Martin
Indexes:	[Date] [Thread] [Top] [All Lists]