Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Shells and xss

  1. Home
  2. Forum
  3. Questions
  4. Shells and xss

ghost's Avatar

ghost

0 0

I setup a website with Invision Power Board 1.3 Final, which is known to have a variety of vulnerabilities. From SQL injections to path disclosure. I remember doing a challenge here where I changed a php action in a url.. ?=.. and I changed it to another site with a php shell (r57) uploaded to it. How could I do this to the one I setup on the website. I cant seem to remember or find anything using 1.3 final using a shell.


spyware's Avatar

spyware

Banned
0 0

grep for /include($_GET/.


ghost's Avatar

ghost

0 0

chronicburst wrote: I setup a website with Invision Power Board 1.3 Final, which is known to have a variety of vulnerabilities. From SQL injections to path disclosure. I remember doing a challenge here where I changed a php action in a url.. ?=.. and I changed it to another site with a php shell (r57) uploaded to it. How could I do this to the one I setup on the website. I cant seem to remember or find anything using 1.3 final using a shell.

What your reffering to Remote File Inclusion. Google it. You can find articles with examples etc.


ghost's Avatar

ghost

0 0

Yea RFI, I was wondering if I could do RFI through some sort of javascript injection, redirect or something. I can't seem to find anything on rooting with xss. Thats my intention.


ghost's Avatar

ghost

0 0

RFI can NOT be done through javascript injection. And the farthest "rooting" through xss that im aware you can do is ganking admin cookies ,sessions etc.


ghost's Avatar

ghost

0 0

Yea I used a perl script to exploit IPB 1.3 but when I entered the values incorrectly it returned that the cookie=00000000000000000000000000, where as when I typed it correctly it returned "Not Vulnerable." I also have the photo upload blocked so there can't be a file uploaded, like a shell from what I was reading earlier today. Not something I have to do though, just experimenting. Not that I want to fail this task. Well off to do some more learning.


ghost's Avatar

ghost

0 0

chronicburst wrote: Yea I used a perl script to exploit IPB 1.3 but when I entered the values incorrectly it returned that the cookie=00000000000000000000000000, where as when I typed it correctly it returned "Not Vulnerable." I also have the photo upload blocked so there can't be a file uploaded, like a shell from what I was reading earlier today. Not something I have to do though, just experimenting. Not that I want to fail this task. Well off to do some more learning.

You blocked image files completely? I'd say blocking image files and script files directly out of an upload / sharing site just ruins the whole point of the site. (i guess unless you wanted to share an article, but other than that… Best bet is to allow code submissions too and stuff like that but make sure everything uploaded doesn't set to execute on the server but perhaps is converted to txt or somehow filtered from running on server. I know other sites that do it but im not quite sure the code you would use for it, my PHP+MySQL skills are lame :p