Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Xoop

from [Vlad] Network Security [Permanent Link]
Subject: Re: Xoop
Date: Thu, 31 Aug 2006 13:19:13 -0400 (EDT) 

Hello,
 Yes I have already went after OS specific stuff etc. I was hoping
someone knew a way to pull up personal info for registered users on the
site or anything that would severely violate privacy policy etc.

As for OSVBD, I completely forgot, thank you
I already had everything I need but this is icing on the cake :-)
http://osvdb.org/displayvuln.php?osvdb_id=20853

Now for some quality report writing time...

Vlad G.

Josh Zlatin-Amishav wrote:
On
Wed, 30 Aug 2006, Vlad wrote:


  Hello,

I am pen testing a site and I found that it is running Apache/2.0.52

(Unix) mod_ssl/2.0.52 OpenSSL/0.9.7g PHP/5.0.4 mod_jk2/2.0.2  and

Xoop(don't know what version yet) among other things. The core of the

functionality I am testing is related to Xoop.


I searched for bugs and all the other basic stuff.


I noticed something interesting:

https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=index.php

so I tried

https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=../../

And I get a 404 file not found instead of 403!

With the exception of a few default apache DIRs listing is disabled but

all I need is to navigate to a useful/interesting file.


Anyone have any tips about Xoop?



Hi Vlad,

This is not Xoop specific, but do you have any indication if PHP's

open_basedir is enabled? In other words, have you tried requesting OS

related files? Another approach might be to try a remote file
inclusion,

(as long as allow_url_fopen has not been disabled) this way you could create

a local shell. Of course if your looking for Xoops specific issues there

are always these:

http://osvdb.org/searchdb.php?action=search_title&amp;vuln_title=xoops&amp;Search=Search


--

 - Josh





--

Vlad G.


The information transmitted is intended only for the person or entity to

which it is addressed and may contain confidential and/or privileged

material.

Any review, retransmission, dissemination or other use of, or taking of

any action in reliance upon, this information by persons or entities other

than the intended recipient is prohibited.

If you received this in error, please contact the sender and delete the

material from any computer.




!DSPAM:25,44f6951e214201459317085!
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Xoop, Vlad
    • Re: Xoop, Vlad <=
Previous by Date:  Xoop, Vlad
Next by Date:  rewrite rule for apache, bituman
Previous by Thread:  Re: Xoop, Josh Zlatin-Amishav
Next by Thread:  rewrite rule for apache, bituman
Indexes:  [Date] [Thread] [Top] [All Lists]