Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking
From: "Steven M. Christey" <coley () mitre org>
Date: Wed, 5 Apr 2006 01:23:24 -0400 (EDT)


Hello botan,

I have some questions about this report.

Web: http://www.ahbruinsma.nl

This web site requires a login.  Even the front page is not
accessible.

FleXiBle Development (FXB)

Is this a product, service, or a single web site?  There is very
little information in Google.

//Defining some functions and including them
require('php/messages.php');
//require base-file
//require_once('php/base.php');
include_once "baseconfig.inc.php";

These require/include statements do not use any variables, so the
paths cannot be controlled by a remote attacker.

http://www.site.com/[path]/evilcode.txt?&cmd=uname -a

How does this "evilcode.txt" get into FXB?  Do you upload it?  Or do
you use directory traversal like ".." or "/abs/path"?  Or do you do a
remote file inclusion?

Finally, your subject line says there is XSS, but your report does not
say anything about XSS.  Is there also an XSS problem here?

Thank you,
Steve


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault