| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 19 Jul 2005 05:41:18 -0000 From: rgod@...istici.org To: bugtraq@...urityfocus.com Subject: Re: UPB: Discussion Board/Web-Site Takeover this is probably a hoax or an error, the system command is not executed, it's invisibile and inside the html... :) you can put a javascript instead and steal cookies. This is my proof of concept exploit: http://www.rgod.altervista.org/upbgold196poc.php.txt (if you have troubles with this script set allow_call_time_pass_reference = on and register_globals = On) otherwise you can make with telnet but in the user agent field you can make something like: <script>alert(document.cookie)</script> and when admin open ip log file the javascript will run in the security contest of his system... however, you can craft some special urls, (look at this link: http://www.rgod.altervista.org/upbgold196xssurlspoc.txt ) to have same results... sorry for my bad English rgod email: rgod@...istici.org site: http://rgod@...ervista.org
Powered by blists - more mailing lists