[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050318105435.7502.qmail@www.securityfocus.com>
Date: 18 Mar 2005 10:54:35 -0000
From: Terencentanio Enache <terencentanio@...t32.com>
To: bugtraq@...urityfocus.com
Subject: PHP-Post Exploit
~ PHOX: PHP-Post Exploit ~
###
# Content
###
- Credits
- BICWAE
- Solution
- Contact
###
# Credits
###
Exploit discovered by Phoxpherus (Phorce), Phox (R&P), Terencentanio (Root32)
Thanks to SilentWolf for the name (BICWAE) ... lmao
###
# BICWAE - Bypassing Input Check With Alternate Entries
###
It's possible to 'spoof' your user identity using alternate characters.
Using the user "Dave" for example (who is an admin at the official site), if we go to the registration page and try to sign up as "Dave"... no dice. However, if we sign up as "Dave"... dice.
Now, we can login as "Dave" and every time someone views our username, it'll be displayed as "Dave".
You may ask what use this is, as it can't grant access to anything in particular, but if you were going to SE your way in, this would be a _VERY_ helpful tool. I aren't going to go into the methods, reason speaks for itself.
###
# Solution
###
You can filter the input either by using:
str_replace("&#", "");
or
str_replace("&", "&")
... or anything else, I suppose. These are just 2 that spring to mind.
###
# Contact
###
Email: terencentanio.enache@...penworld.com
MSN: al_bhed_brother@...rosoft.com
Powered by blists - more mailing lists