IT Security and Insecurity Portal

upload shell by xss

Posted: Sat May 31, 2008 11:18 am
siurek22
Regular user
Joined: May 31, 2008
Posts: 13

Some time ago I read an article about uploading a shell by XSS, but I don't remember how to do it. How can I do it?
Sorry for my English.

Re: upload shell by xss

Posted: Sat May 31, 2008 12:29 pm
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

siurek22 wrote:
    Some time ago I read an article about uploading a shell by XSS, but I don't remember how to do it. How can I do it?
    Sorry for my English.

I don't think it's possible, unless used in conjunction with something like PHP code execution or SQL injection.

Posted: Sat May 31, 2008 4:06 pm
siurek22
Regular user
Joined: May 31, 2008
Posts: 13

I'm not asking you whether this is possible, but how to do it. I know this is 100% possible (it doesn't work whenever).

Posted: Sat May 31, 2008 5:23 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

This is possible if you steal the admin hash and upload a shell from the admin panel.

Re: upload shell by xss

Posted: Sat May 31, 2008 8:34 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

siurek22 wrote:
    Some time ago I read an article about uploading a shell by XSS, but I don't remember how to do it. How can I do it?
    Sorry for my English.

XSS and shell uploading to target server are not directly correlated.
Maybe you meant this thing:
http://www.securiteam.com/tools/6X00120HFO.html

Posted: Sat May 31, 2008 8:55 pm
siurek22
Regular user
Joined: May 31, 2008
Posts: 13

"steal admin hash" very funny... Have you ever seen a hash from phpbb3? You are good if you crash it ;]
"Maybe you meant this thing: " no, I wasn't thinking about that. I remember that in the article I was reading there was a very long piece of HTML code, and when I put it on a website I could upload some file.

Posted: Sun Jun 01, 2008 1:18 am
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

You don't understand, siurek22. XSS is executing a JavaScript or other script file from one website on the target website. JavaScript has no file manipulation or system manipulation capabilities as it is purely client side.

Posted: Sun Jun 01, 2008 7:32 am
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

siurek22 wrote:
    "steal admin hash" very funny... Have you ever seen a hash from phpbb3? You are good if you crash it ;]
    "Maybe you meant this thing: " no, I wasn't thinking about that. I remember that in the article I was reading there was a very long piece of HTML code, and when I put it on a website I could upload some file.

...and have you ever seen PasswordsPro? I love funny guys like you, dude.

Posted: Sun Jun 01, 2008 8:00 am
siurek22
Regular user
Joined: May 31, 2008
Posts: 13

Yes, I've seen PasswordsPro, but when I put in an MD5 hash I had to wait 40h. I have a database where I have 20000 hashes crypted by phpbb_hash() and I want to crash only 10 from 20000, but how much time will it take?

Posted: Sun Jun 01, 2008 10:57 am
lenny
Valuable expert
Joined: May 15, 2008
Posts: 275

Surely you could use a remote file include exploit to run a shell - it's not exactly what you wanted, but you get the same effect.

All times are GMT