[nycphp-talk] PHP Penetration Discussion

Jose Villegas jv_nyphp at duikerbok.com
Sat May 28 11:21:10 EDT 2005


The site in question wasn't escaping characters submitted by a user so 
a person could submit html code which manipulated the markup of the 
response page.

One question: Rasmus mentions that he can trick people into sending 
their user names and passwords. I'm assuming he meant he could do this 
with the hack he demonstrated. But if he goes to a website and does 
this, how does he have access to another person's user names and 
passwords? Isn't he only manipulating the response page which only he 
is seeing?

I'm guessing if he submits his "name" which contains html code, the 
name is stored in a database and retrieved by an administrator, 
javascript could be inserted which could grab cookie values (for 
example) from the administrator. Something similar could be done if the 
name is posted to a bulletin board or a similar web application.

Would there be any other vulnerabilities?

jose

On May 28, 2005, at 1:25 AM, Hans Zaunere wrote:
> For those not on the PHP-General list, a good thread has recently been 
> developing where Rasmus showed some interesting examples and 
> discussion of cross-site scripting vulnerabilities.
>
> Follow the thread
> http://marc.theaimsgroup.com/?t=111721168800001&r=1&w=2
>
> And Rasmus' first post:
> http://marc.theaimsgroup.com/?l=php-general&m=111722197717368&w=2
> ...
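As an added example, not code from this thread or from Rasmus's post, here is the stored case Jose describes written out in PHP: a submitted "name" is saved, then rendered later to an administrator. The in-memory store, the function names and the sample names are hypothetical.

```php
<?php
// Added example, not code from the thread. It models the case Jose describes:
// a user-supplied "name" is stored, then rendered to an administrator later.
// $userStore is a hypothetical stand-in for the database.

$userStore = [];

function registerUser(array &$store, $name)
{
    // Store the raw value. Escaping belongs at output time, for the context
    // the value is rendered into; escaping on input breaks non-HTML uses.
    $store[] = $name;
}

// Vulnerable admin page: stored values are echoed straight into the markup,
// so any markup a user submitted runs in the administrator's browser.
function adminListUnsafe(array $store)
{
    $html = "<ul>\n";
    foreach ($store as $name) {
        $html .= "  <li>$name</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened admin page: encode on output so the browser shows the name as text.
// ENT_QUOTES also encodes quotes (needed inside attributes); the explicit
// charset keeps the encoder and the page's declared encoding in agreement.
function adminListSafe(array $store)
{
    $html = "<ul>\n";
    foreach ($store as $name) {
        $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "  <li>$safe</li>\n";
    }
    return $html . "</ul>\n";
}

// Defence in depth for the cookie-theft scenario Jose raises: an HttpOnly
// session cookie is not readable from document.cookie even if a script runs.
// Must be set before session_start().
ini_set('session.cookie_httponly', '1');

// Constructed submissions: one carries markup, as in the thread.
registerUser($userStore, "Jose <script>alert('xss')</script>");
registerUser($userStore, 'Hans');

echo adminListUnsafe($userStore);
echo adminListSafe($userStore);
```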