|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 59
Members: 0
Total: 59
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Got an website exploit - can I crack the server? |
|
Posted: Wed Oct 13, 2004 8:02 am |
|
|
peteblackhouse |
Beginner |
|
|
Joined: Oct 13, 2004 |
Posts: 2 |
|
|
|
|
|
|
|
Suppose I find an exploit in a website of some sort: remote inclusion, XSS, whatever. If the site is running a CMS I should be able to take some control over that system by stealing the admin cookie or whatever.
OK, now suppose the site is just plain HTML with some PHP and MySQL behind it. Can I use the exploit to crack the server? The apache process will be running as a 'www' sort of user with very limited permissions WRT the files on disk. How can I use a web exploit to take control? What sort of steps should I be looking to take next? |
|
|
|
|
Posted: Fri Nov 12, 2004 1:28 am |
|
|
OkIDaN |
Regular user |
|
|
Joined: Nov 12, 2004 |
Posts: 6 |
Location: Azerbaijan |
|
|
|
|
|
|
IMO you dont exactly know what you are asking. My advice, read some specific stuff, read much. Noonw ill give those answers out. Not only because that is so valuable, but also because that is so abstract. Like asking "how to swim". |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|