Thursday, April 24, 2014
Shells and xss
Posted on 25-06-09 08:21
I set up a website with Invision Power Board 1.3 Final, which is known to have a variety of vulnerabilities, from SQL injections to path disclosure.
I remember doing a challenge here where I changed a php action in a url.. ?=.. and I changed it to another site with a php shell (r57) uploaded to it.
How could I do this to the one I set up on the website? I can't seem to remember or find anything using 1.3 final using a shell.

RE: Shells and xss

spyware
Posts: 4192 | Joined: 14.04.07 | Rank: God | Warn Level: 90
Posted on 25-06-09 09:58
grep for /include($_GET/.

RE: Shells and xss
Posted on 25-06-09 21:46
chronicburst wrote:
I set up a website with Invision Power Board 1.3 Final, which is known to have a variety of vulnerabilities, from SQL injections to path disclosure.
I remember doing a challenge here where I changed a php action in a url.. ?=.. and I changed it to another site with a php shell (r57) uploaded to it.
How could I do this to the one I set up on the website? I can't seem to remember or find anything using 1.3 final using a shell.


What you're referring to is Remote File Inclusion. Google it. You can find articles with examples etc.
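
An added example (not from the thread and not Invision Power Board code): the source audit that the earlier `grep for /include($_GET/` reply points at, run over a PHP tree you host yourself and widened to `require` and the `_once` forms and to the `$_POST`, `$_REQUEST` and `$_COOKIE` superglobals. The function names and both sample PHP files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list include/require calls in a PHP tree that take their
# path from request input, the code pattern behind Remote File Inclusion.

# ERE: include/require (optionally _once), optional "(", then anything up to
# a request superglobal before the statement ends.
TAINTED_INCLUDE='(include|require)(_once)?[[:space:]]*\(?[^;]*\$_(GET|POST|REQUEST|COOKIE)'

# find_tainted_includes DIR -> prints "file:line:code" for every hit
find_tainted_includes() {
    grep -rnE --include='*.php' "$TAINTED_INCLUDE" "$1" || true
}

# count_tainted_includes DIR -> prints the number of hits
count_tainted_includes() {
    find_tainted_includes "$1" | wc -l | tr -d ' '
}

# make_sample_tree DIR -> writes two constructed PHP files (not IPB source)
make_sample_tree() {
    mkdir -p "$1"
    cat > "$1/vulnerable.php" <<'EOF'
<?php
// constructed: path taken straight from the query string
include($_GET['page']);
require_once 'modules/' . $_REQUEST['mod'] . '.php';
EOF
    cat > "$1/hardened.php" <<'EOF'
<?php
// constructed: the request value only selects from a fixed allowlist
$pages = array('home' => 'home.php', 'faq' => 'faq.php');
$key = isset($_GET['page']) ? $_GET['page'] : 'home';
$file = isset($pages[$key]) ? $pages[$key] : $pages['home'];
include __DIR__ . '/pages/' . $file;
EOF
}

# Demo: "sh audit.sh demo" builds the sample tree and prints the two hits
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_sample_tree "$dir"
    find_tainted_includes "$dir"
    rm -rf "$dir"
fi
```

Each reported line is a candidate for manual review, since the pattern is line-based and will miss input that is first copied into another variable. The constructed `hardened.php` shows the usual fix: the request value picks an entry from a fixed list and never becomes part of the path.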



RE: Shells and xss
Posted on 26-06-09 00:25
Yea RFI, I was wondering if I could do RFI through some sort of javascript injection, redirect or something. I can't seem to find anything on rooting with xss. That's my intention.

RE: Shells and xss
Posted on 26-06-09 00:27
RFI can NOT be done through javascript injection. And the farthest "rooting" through xss that I'm aware you can do is ganking admin cookies, sessions etc.



RE: Shells and xss
Posted on 26-06-09 04:24
Yea I used a perl script to exploit IPB 1.3 but when I entered the values incorrectly it returned that the cookie=00000000000000000000000000, whereas when I typed it correctly it returned "Not Vulnerable." I also have the photo upload blocked so there can't be a file uploaded, like a shell from what I was reading earlier today.
Not something I have to do though, just experimenting. Not that I want to fail this task. Well off to do some more learning.

RE: Shells and xss
Posted on 26-06-09 06:51
chronicburst wrote:
Yea I used a perl script to exploit IPB 1.3 but when I entered the values incorrectly it returned that the cookie=00000000000000000000000000, whereas when I typed it correctly it returned "Not Vulnerable." I also have the photo upload blocked so there can't be a file uploaded, like a shell from what I was reading earlier today.
Not something I have to do though, just experimenting. Not that I want to fail this task. Well off to do some more learning.


You blocked image files completely? I'd say blocking image files and script files directly out of an upload / sharing site just ruins the whole point of the site. (I guess unless you wanted to share an article, but other than that...) Best bet is to allow code submissions too and stuff like that but make sure everything uploaded doesn't set to execute on the server but perhaps is converted to txt or somehow filtered from running on server. I know other sites that do it but I'm not quite sure the code you would use for it, my PHP+MySQL skills are lame Pfft