Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Exploits from command line?

from [Antoine Martin] Network Security [Permanent Link]
Subject: Re: Exploits from command line?
Date: Wed, 19 Jan 2005 18:41:51 +0000 
On Tue, 2005-01-18 at 12:49 -0800, Benjamin Livshits wrote:

I've come upon some cases in large Web-base applications where the
errors such SQL injection and XSS are found in codes that are not
accessible by Web users. For instance, some applications include a few
sloppily written maintenance programs that are invoked from the command
line as well as Ant tasks that are supposed to be invoked by the
application administrator.

On the surface, these errors are probably pretty irrelevant, as an
attacker that has the permissions to run the application from the
command line is already in some sense in the system and can cause more
damage elsewhere. Is this the right assessment or are there situations
where the ability to perform SQL injections from the command line is in
fact somehow dangerous?

There are many cases where the local attack can be used for privilege
escalation. Depends on far too many things to list here. (What user runs
the injected code, can you inject code for later use by another user,
etc)
But without knowing the application you're talking about, it is
impossible to say.

Antoine


Thanks,
-Ben
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SQL injection, nummish
Next by Date:  RE: Proposal to anti-phishing, Lyal Collins
Previous by Thread:  Exploits from command line?, Benjamin Livshits
Next by Thread:  Proposal to anti-phishing, Rafael San Miguel
Indexes:  [Date] [Thread] [Top] [All Lists]