lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20050719054118.24032.qmail@securityfocus.com>
Date: 19 Jul 2005 05:41:18 -0000
From: rgod@...istici.org
To: bugtraq@...urityfocus.com
Subject: Re: UPB: Discussion Board/Web-Site Takeover


this is probably a hoax or an error, the system command is not executed, it's invisibile and inside the html... :) you can put a javascript instead and steal cookies. This is my proof of concept exploit:

http://www.rgod.altervista.org/upbgold196poc.php.txt

(if you have troubles with this script set allow_call_time_pass_reference = on
and register_globals = On)

otherwise you can make with telnet but in the user agent field you can make something like:

<script>alert(document.cookie)</script>

and when admin open ip log file the javascript will run in the security contest of his system...

however, you can craft some special urls, (look at this link: http://www.rgod.altervista.org/upbgold196xssurlspoc.txt ) to have same results...

sorry for my bad English

rgod

email: rgod@...istici.org
site: http://rgod@...ervista.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ