Bugtraq mailing list archives

PHP-Post Exploit
From: Terencentanio Enache <terencentanio () root32 com>
Date: 18 Mar 2005 10:54:35 -0000



~ PHOX: PHP-Post Exploit ~

###
# Content
###

 - Credits
 - BICWAE
 - Solution
 - Contact

###
# Credits
###

Exploit discovered by Phoxpherus (Phorce), Phox (R&P), Terencentanio (Root32)
Thanks to SilentWolf for the name (BICWAE) ... lmao

###
# BICWAE - Bypassing Input Check With Alternate Entries
###

It's possible to 'spoof' another user's identity using alternate character encodings: the
registration code compares the requested name to existing names as a literal string, but the
pages that display usernames hand the stored string to the browser as HTML, so a numeric
character reference is rendered as the character it encodes.

Take the user "Dave" for example (who is an admin at the official site). If we go to the
registration page and try to sign up as "Dave"... no dice. However, if we sign up as
"&#68;ave" (&#68; is the HTML numeric character reference for the letter "D")... dice.

Now we can log in as "&#68;ave", and every time someone views our username it is displayed
as "Dave".

You may ask what use this is, as it can't grant access to anything in particular, but if you
were going to social-engineer (SE) your way in, this would be a _VERY_ helpful tool: anything
posted under the spoofed account appears to come from the site's admin. I'm not going to go
into the methods; the reason speaks for itself.

###
# Solution
###

You can filter the input at registration either by stripping the entity prefix:

$username = str_replace("&#", "", $username);

or by encoding the ampersand so the browser shows the entity text literally instead of
rendering it:

$username = str_replace("&", "&#38;", $username);

... or anything else, I suppose. These are just 2 that spring to mind.

Two caveats on those quick fixes. The first is a blunt prefix match: it turns "&#68;ave"
into "68ave" (and also mangles any legitimate name containing "&#"), but it only covers
numeric references. The second encodes on input, so if the display layer later escapes
output as well the stored name is double-encoded and shows up as "&#38;#68;ave". The root
cause is that the uniqueness check compares the raw string while the display layer renders
it, so the robust fix is to restrict registered names to a conservative character set (no
"&", "#" or ";"), compare a new name against existing ones in its decoded, rendered form
(which also covers the hexadecimal form "&#x44;ave"), and pass every username through
htmlspecialchars() exactly once, at output time.
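As an added example (this is not PHP-Post's code, nor the advisory author's), the following
PHP shows both sides of the issue described above: why a literal comparison lets "&#68;ave"
through while the rendered forms of "&#68;ave" and "Dave" collide, and a registration check
that closes the hole by allow-listing characters, comparing decoded forms and escaping on
output. The function names, the allow-list pattern and the sample user table are assumptions
made for illustration.

```php
<?php
// Added example, not PHP-Post code. Demonstrates the BICWAE spoof and a
// registration check that compares usernames by their rendered form.
// $existing below is a constructed sample user table standing in for the real DB.

declare(strict_types=1);

/**
 * Canonical form of a username as a browser would display it: HTML character
 * references (decimal, hexadecimal and named) decoded, then lower-cased.
 * Two names with the same canonical form are treated as the same identity.
 */
function canonical_username(string $name): string
{
    // Decode until the string stops changing, so a doubly encoded name such as
    // "&#38;#68;ave" ("&#68;ave" after one pass, "Dave" after two) is caught too.
    do {
        $before = $name;
        $name = html_entity_decode($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    } while ($name !== $before);

    return mb_strtolower($name, 'UTF-8');
}

/**
 * Registration policy (hypothetical helper): reject anything outside a
 * conservative allow-list, so "&", "#" and ";" are never stored, then refuse
 * names whose canonical form collides with an existing account.
 */
function username_is_available(string $requested, array $existing): bool
{
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $requested)) {
        return false;
    }
    $wanted = canonical_username($requested);
    foreach ($existing as $name) {
        if (canonical_username($name) === $wanted) {
            return false;
        }
    }
    return true;
}

// Constructed sample: "Dave" is the existing admin account from the advisory.
$existing = ['Dave', 'alice'];

// The spoof: a literal comparison says the names differ (this is why the naive
// duplicate check passes), but their rendered forms are identical.
var_dump('&#68;ave' === 'Dave');
var_dump(canonical_username('&#68;ave') === canonical_username('Dave'));
var_dump(canonical_username('&#x44;ave') === canonical_username('Dave'));

// Hardened check: the allow-list rejects the entity outright, and the canonical
// comparison also stops case variants of an existing name.
var_dump(username_is_available('&#68;ave', $existing));
var_dump(username_is_available('dave', $existing));
var_dump(username_is_available('Dave2', $existing));

// Whatever ends up stored, escape it once, where it is rendered, so a stored
// "&#68;ave" is shown as the literal text "&#68;ave" rather than as "Dave".
echo htmlspecialchars('&#68;ave', ENT_QUOTES | ENT_HTML5, 'UTF-8'), "\n";
```

The allow-list does the real work at registration time; the canonical comparison is a
second line of defence for names already in the database, and output escaping protects
every place a name is rendered regardless of how it was stored.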

###
# Contact
###

Email: terencentanio.enache () btopenworld com
MSN: al_bhed_brother () microsoft com

