Today I was idle, waiting for my Windows XP to install. I was writing some code and then suddenly I came across two places on the internet (one is my friend's page and one is a blog) which are vulnerable to malicious attacks. I am a pretty novice one, so please feel free to discuss should you feel interested.
The first one is a Local File Include vulnerability in a PHP script that did not sanitize the input properly (well, I am guessing that he did not even do so). So I am free to read anything on the server. Though, there are magic quotes on; how can I get around them? I tried using URL-decoding schemes but to no success. More to try soon.
The second one is an XSS vulnerability in the input fields of a profile, which will be shown publicly. This allows malicious users to secretly send cookies away to a server for collection. Of course, the server is actually performing some sanitizing using (seemingly) the default magic quotes of PHP in some places. But the place I exploited most easily seems to contain no sanitizing (nothing was escaped). I will look further into it.
OOT: I caught the attention of the administrator of the blog and he deleted my account after a few minutes, when he discovered my account to be so suspicious. Hah. That is bad.
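As an added illustration (not code from this post or from either site), the two weaknesses described above in PHP, each beside a hardened form; the parameter names `page` and `bio` and the `pages/` layout are assumptions.

```php
<?php
// Added example, not the author's code. Parameter names and file paths are assumed.

// --- Local file include ---
// Weak: the include path is built from untrusted input. magic_quotes_gpc only
// backslash-escapes quote characters, so it does nothing against a path such as "../".
function include_page_weak(string $page): void {
    include "pages/" . $page . ".php";
}

// Hardened: resolve the request against an allowlist of known pages and refuse the rest.
function include_page_safe(string $page): void {
    $allowed = ['home' => 'pages/home.php', 'about' => 'pages/about.php'];
    if (!array_key_exists($page, $allowed)) {
        http_response_code(404);
        return;
    }
    include $allowed[$page];
}

// --- Stored XSS in a public profile field ---
// Weak: the field is echoed into HTML verbatim; magic quotes leave < and > untouched.
function render_bio_weak(string $bio): string {
    return '<div class="bio">' . $bio . '</div>';
}

// Hardened: encode on output for the HTML context, with quotes and charset set explicitly.
function render_bio_safe(string $bio): string {
    return '<div class="bio">' . htmlspecialchars($bio, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</div>';
}

// Defence in depth for the cookie-theft scenario: a script injected through a missed
// escape cannot read a session cookie marked HttpOnly. Set before session_start().
ini_set('session.cookie_httponly', '1');

// Constructed sample input showing the difference in output encoding.
$sample = '<script>alert(1)</script>';
echo render_bio_safe($sample), PHP_EOL;   // &lt;script&gt;alert(1)&lt;/script&gt; inside the div
```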
2 comments:
The field you exploited is ... self introduction? Or signature? I think that sometimes allowing HTML code is a big mistake; I just tried some forums and they also have the same problem too.
One place I found to be the securest is jijija.com. Actually they allow HTML to be used in the thread, but I cannot even insert script or html or meta.
However, I keep finding its holes :D
I haven't tried every single field of it though; it was like 7 am in the morning when I was playing with it.
BTW, how did you get into jijija.com anyway, as it's closed source? I am rather interested.