| Author |
Shells and xss |
chronicburst
Member
Posts: 466
Location: /root/
Joined: 03.01.08 Rank: Elite |
|
I set up a website with Invision Power Board 1.3 Final, which is known to have a variety of vulnerabilities, from SQL injections to path disclosure.
I remember doing a challenge here where I changed a php action in a url.. ?=.. and I changed it to another site with a php shell (r57) uploaded to it.
How could I do this to the one I set up on the website? I can't seem to remember or find anything using 1.3 final using a shell. |
|
| Author |
RE: Shells and xss |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
grep for /include($_GET/.

"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
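The grep suggested in the reply above, extended into a small audit script for reviewing your own PHP tree (an added example, not part of the original thread): it flags include/require statements whose argument comes from request data, either directly or through a simple variable assignment. The sample PHP is constructed, and the line-based matching is an assumption that suits a quick review rather than a real PHP parser.

```python
import re

# Request-controlled PHP superglobals treated as taint sources.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# include/require statement; the lookbehind skips $include, ->include, my_include.
INCLUDE = re.compile(r"(?<![$\w>])(?:include|require)(?:_once)?\b\s*\(?([^;]*);", re.I)
# Simple "$var = expr;" assignment (not ==, not array elements, not .=).
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=\s*([^;=][^;]*);")
VAR = re.compile(r"\$[A-Za-z_]\w*")


def scan_php(source):
    """Return (line_no, reason, text) for include/require fed by request data."""
    tainted, findings = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # whole-line comments only; block comments are not parsed
        # Propagate taint: a variable built from request data, or from another
        # tainted variable, is tainted; a clean reassignment clears it.
        for var, rhs in ASSIGN.findall(line):
            if SOURCE.search(rhs) or tainted & set(VAR.findall(rhs)):
                tainted.add(var)
            else:
                tainted.discard(var)
        m = INCLUDE.search(line)
        if not m:
            continue
        arg = m.group(1)
        if SOURCE.search(arg):
            findings.append((no, "direct", line.strip()))
        elif tainted & set(VAR.findall(arg)):
            findings.append((no, "via variable", line.strip()))
    return findings


# Constructed sample, not taken from Invision Power Board or any real project.
SAMPLE = '''<?php
include($_GET['act'] . ".php");
$page = $_REQUEST['page'];
$file = "pages/" . $page;
require_once $file;
$skin = "default";
include "skins/$skin/header.php";
// include($_GET['old']);
$page = "home";
include("pages/$page.php");
'''

if __name__ == "__main__":
    for no, reason, text in scan_php(SAMPLE):
        print(f"line {no}: {reason}: {text}")
```

Anything it reports still needs a manual read, since the script does not understand allowlists or sanitising functions and treats any value derived from request data as tainted.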
| Author |
RE: Shells and xss |
S1L3NTKn1GhT
Member

Posts: 468
Location: XXXX
Joined: 03.06.06 Rank: God Warn Level: 10
|
|
|
chronicburst wrote:
I set up a website with Invision Power Board 1.3 Final, which is known to have a variety of vulnerabilities, from SQL injections to path disclosure.
I remember doing a challenge here where I changed a php action in a url.. ?=.. and I changed it to another site with a php shell (r57) uploaded to it.
How could I do this to the one I set up on the website? I can't seem to remember or find anything using 1.3 final using a shell.
What you're referring to is Remote File Inclusion. Google it. You can find articles with examples etc.
root@wtf.org#su - dumbass

Dude you're AWESOME!
-SystemMeltdown(MSN)
|
|
| Author |
RE: Shells and xss |
chronicburst
Member
Posts: 466
Location: /root/
Joined: 03.01.08 Rank: Elite |
|
|
Yea RFI, I was wondering if I could do RFI through some sort of javascript injection, redirect or something. I can't seem to find anything on rooting with xss. That's my intention. |
|
| Author |
RE: Shells and xss |
S1L3NTKn1GhT
Member

Posts: 468
Location: XXXX
Joined: 03.06.06 Rank: God Warn Level: 10
|
|
RFI can NOT be done through javascript injection. And the farthest "rooting" through xss that I'm aware you can do is ganking admin cookies, sessions etc.
|
|
| Author |
RE: Shells and xss |
chronicburst
Member
Posts: 466
Location: /root/
Joined: 03.01.08 Rank: Elite |
|
Yea I used a perl script to exploit IPB 1.3 but when I entered the values incorrectly it returned that the cookie=00000000000000000000000000, whereas when I typed it correctly it returned "Not Vulnerable." I also have the photo upload blocked so there can't be a file uploaded, like a shell from what I was reading earlier today.
Not something I have to do though, just experimenting. Not that I want to fail this task. Well off to do some more learning. |
|
| Author |
RE: Shells and xss |
S1L3NTKn1GhT
Member

Posts: 468
Location: XXXX
Joined: 03.06.06 Rank: God Warn Level: 10
|
|
|
chronicburst wrote:
Yea I used a perl script to exploit IPB 1.3 but when I entered the values incorrectly it returned that the cookie=00000000000000000000000000, whereas when I typed it correctly it returned "Not Vulnerable." I also have the photo upload blocked so there can't be a file uploaded, like a shell from what I was reading earlier today.
Not something I have to do though, just experimenting. Not that I want to fail this task. Well off to do some more learning.
You blocked image files completely? I'd say blocking image files and script files directly out of an upload / sharing site just ruins the whole point of the site (I guess unless you wanted to share an article, but other than that...). Best bet is to allow code submissions too and stuff like that, but make sure everything uploaded isn't set to execute on the server but perhaps is converted to txt or somehow filtered from running on server. I know other sites that do it but I'm not quite sure the code you would use for it, my PHP+MySQL skills are lame
|
|