<<< Date Index >>>     <<< Thread Index >>>

Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking



Hello botan,

I have some questions about this report.

>Web: http://www.ahbruinsma.nl

This web site requires a login.  Even the front page is not
accessible.

>FleXiBle Development (FXB)

Is this a product, service, or a single web site?  There is very
little information in Google.

>//Defining some functions and including them
>require('php/messages.php');
>//require base-file
>//require_once('php/base.php');
>include_once "baseconfig.inc.php";

These require/include statements do not use any variables, so the
paths cannot be controlled by a remote attacker.

>http://www.site.com/[path]/evilcode.txt?&cmd=uname -a

How does this "evilcode.txt" get into FXB?  Do you upload it?  Or do
you use directory traversal like ".." or "/abs/path"?  Or do you do a
remote file inclusion?

Finally, your subject line says there is XSS, but your report does not
say anything about XSS.  Is there also an XSS problem here?

Thank you,
Steve