Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking

To: botan@xxxxxxxxxxxxx
Subject: Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Wed, 5 Apr 2006 01:23:24 -0400 (EDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello botan,

I have some questions about this report.

>Web: http://www.ahbruinsma.nl

This web site requires a login.  Even the front page is not
accessible.

>FleXiBle Development (FXB)

Is this a product, service, or a single web site?  There is very
little information in Google.

>//Defining some functions and including them
>require('php/messages.php');
>//require base-file
>//require_once('php/base.php');
>include_once "baseconfig.inc.php";

These require/include statements do not use any variables, so the
paths cannot be controlled by a remote attacker.

>http://www.site.com/[path]/evilcode.txt?&cmd=uname -a

How does this "evilcode.txt" get into FXB?  Do you upload it?  Or do
you use directory traversal like ".." or "/abs/path"?  Or do you do a
remote file inclusion?

Finally, your subject line says there is XSS, but your report does not
say anything about XSS.  Is there also an XSS problem here?

Thank you,
Steve

Prev by Date: Re: recursive DNS servers DDoS as a growing DDoS problem
Next by Date: Re: Bypassing ISA Server 2004 with IPv6
Previous by thread: FleXiBle Development Script Remote Command Exucetion And XSS Attacking
Next by thread: SQuery <= 4.5 Remote File Inclusion Exploit
Index(es):
- Date
- Thread