Vulnerability Development
mailing list archives
Re: CSS implication
From: "Arta" <arta () the-group org>
Date: Mon, 18 Mar 2002 09:35:08 -0000
You can also execute arbitrary commands as the user that runs php/apache if
the author of the script does anything like this:
<?php
include $somevariable.".inc";
?>
You could then craft a URL to include a txt file containing php code from
another server - then, using popen and exec and system, etc, you can get it
to do just about anything. If a mysql connection was opened before the above
line you could steal their entire database. There was a bug like this in
PHPNuke a while back.
Harry
----- Original Message -----
From: "Matt Priestley" <mpriest () microsoft com>
To: <vuln-dev () securityfocus com>
Sent: Saturday, March 16, 2002 9:47 PM
Subject: RE: CSS implication
Here are some of the things my security team has observed with relation to
cross-site scripting:
* as you said, persistent cookie theft
* "session theft" where you act in the context of a privileged user
* as you said, running script or objects
* SQL injection attacking the back end logic
* likewise, XML injection
* changing page banners or other decorations in deceptive ways
* DoS attacks on the underlying system error logs
* causing a trusted page to display a link to an untrusted page
-----Original Message-----
From: zero [mailto:zeroboy () arrakis es]
Sent: Saturday, March 16, 2002 5:39 AM
To: vuln-dev () securityfocus com
Subject: CSS implication
Hi all,
I'm working on a CSS paper, and I was wondering, what are the real
implications of a CSS attack. When some site is vuln to a CSS problem,
you're able to execute code on the web. I've thought about the implications
of this. First of all:
- You can steal cookies from users
- You can send bogus links faking the original site: i.e.
http://site/vuln.php?query=<script>...(faking vuln.php)...</script>
- You can download & launch activeX (possible to download and
execute trojans?)
Any more dangerous implications?
mailto:zeroboy () arrakis es
http://www.podergeek.com
http://www.citfi.org
**************************************************
"The further backward you look, the further forward you can see" Winston
Churchill
"To win, there are people who must lose"
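
Added example, not part of the original thread: a hardened counterpart to the include $somevariable.".inc" pattern in Arta's message, where the request value only selects from an allowlist and the resolved path must stay inside one directory. The function name resolve_include, the allowlist, the temp directory and the sample inputs are assumptions constructed for this example; setting allow_url_include to off in php.ini is the complementary configuration.

```php
<?php
declare(strict_types=1);

// Pattern from the message above (kept as a comment, not executed):
//   include $somevariable . ".inc";
// With URL wrappers enabled, a value pointing at another server makes PHP
// fetch that file and run it as code.

/**
 * Map a request-supplied page name to a local .inc file, or throw.
 * resolve_include, $baseDir and $allowed are hypothetical names.
 */
function resolve_include(string $name, string $baseDir, array $allowed): string
{
    // 1. Exact-match allowlist: the request picks a key, never a path or URL.
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("page not allowed");
    }
    // 2. Defence in depth: resolve the path and confirm it stays in $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . ".inc");
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("include target missing or outside base directory");
    }
    return $path;
}

// Constructed demo: a temp directory holding one legitimate include file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "inc_demo_" . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . "news.inc", "<?php echo \"news page\\n\";");

$allowed = ["news", "about"];  // constructed allowlist
// Constructed inputs: valid page, remote URL, traversal, allowed but missing file.
$inputs = ["news", "http://other.example/code.txt", "../../etc/passwd", "about"];

foreach ($inputs as $input) {
    try {
        include resolve_include($input, $dir, $allowed);
    } catch (Exception $e) {
        echo "rejected '" . $input . "': " . $e->getMessage() . "\n";
    }
}
unlink($dir . DIRECTORY_SEPARATOR . "news.inc");
rmdir($dir);
```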