[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability

To: zeus olimpusklan <zeus.olimpusklan@xxxxxxxxx>
Subject: Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
From: Dan B UK <dan-fd@xxxxxxxxx>
Date: Tue, 31 Jan 2006 00:50:05 +0000

Hi zeus,

Did you even look at the source code for this script. If you had thenyou would see that in the case of register_global's being turned onthere is a bigger issue to worry about; Remote/Local File Inclusion -Server side.

I have just managed to examine the source code on a few servers in under10 minutes; from start to finish.

(I know that cookie stealing is an issue; and evil JavaScript can do alot. But if you can alter the server files then there is an even greaterissue!)

Due to the nature of the issue I am not disclosing the detail of ituntil the writer of the software has updated it; maybe you could havewaited??

A vulnerability that allows privileges of the apache user within thelimitations of how much PHP has been locked down.


Cheers,
Dan.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
  - From: George A. Theall
- Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
  - From: DanB-FD

References:
- [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
  - From: zeus olimpusklan

Prev by Date: Re: [Full-disclosure] Microsoft Volume Licensing infringement?
Next by Date: Re: [Full-disclosure] Microsoft Volume Licensing infringement?
Previous by thread: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
Next by thread: Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
Index(es):
- Date
- Thread