lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200706212021.l5LKLFCl001624@faron.mitre.org>
Date: Thu, 21 Jun 2007 16:21:15 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com
Subject: Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x


Scott MacVicar said:

>There is a much more significant issue than executing an XSS if you
>can upload a file to a remote site...

XSS could be put into an image that's allowed to be uploaded, then
directory traversal could be used to reference that image.  The image
data could be very small and made to look like it's conformant.

XSS could be put into log files (such as the web server log files)
simply by including it in an arbitrary request, then directory
traversal can be used to reference that log file.

Both of these techniques are commonly used in PHP exploits.  There are
probably others.

Then there's the whole possibility of using directory traversal to
reference completely unexpected code, which could prevent important
variables from being set, but people haven't researched that technique
very much.

In short - you don't need to create a file, you merely need to
influence its contents.

- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ