Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking

Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking

From: Steven M. Christey <coley_at_mitre.org>
Date: Wed, 5 Apr 2006 01:23:24 -0400 (EDT)

Hello botan,

I have some questions about this report.

>Web: http://www.ahbruinsma.nl

This web site requires a login. Even the front page is not
accessible.

>FleXiBle Development (FXB)

Is this a product, service, or a single web site? There is very
little information in Google.

>//Defining some functions and including them
>require('php/messages.php');
>//require base-file
>//require_once('php/base.php');
>include_once "baseconfig.inc.php";

These require/include statements do not use any variables, so the
paths cannot be controlled by a remote attacker.

>http://www.site.com/[path]/evilcode.txt?&cmd=uname -a

How does this "evilcode.txt" get into FXB? Do you upload it? Or do
you use directory traversal like ".." or "/abs/path"? Or do you do a
remote file inclusion?

Finally, your subject line says there is XSS, but your report does not
say anything about XSS. Is there also an XSS problem here?

Thank you,
Steve
Received on Apr 09 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]