GameSiteScript Forums  

#11 | 03-04-2010, 09:05 AM | coder0403 | Senior Member | Join Date: Apr 2007 | Posts: 171

Quote:
Originally Posted by rive0108
the sql query can be rewritten, and can be set to call cfp.php global $db;, and on sites that aren't properly protected a shell can be uploaded to the public_html directory via other exploits, and can contain script which will give authorized user access, etc

It is an easy task to upload this kind of file on 70% of the GSS sites that are default config

PHP Code:
<?php
include "../cfg.php";
$db->query("QUERY HERE");
?>

If you can upload a file to their server, it means you hacked it. Why does the hacker need to exploit more to the admin area? It's a private area, no one can access it. For example: I kept my key to open my house door on the table in the house. If I can get in the house by the door and take that key, why do I need the key when I am already in the house?

Last edited by coder0403 : 03-04-2010 at 09:11 AM.

#12 | 03-04-2010, 09:10 AM | coder0403 | Senior Member | Join Date: Apr 2007 | Posts: 171

You are going away from the main topic now. Just recheck my posts. Maybe my English is so bad. Sorry for this.

#13 | 03-04-2010, 09:23 AM | rive0108 | Senior Member | Join Date: Jun 2009 | Posts: 455

Quote:
Originally Posted by coder0403
If you can upload a file to their server, it means you hacked it. Why does the hacker need to exploit more to the admin area? It's a private area, no one can access it. For example: I kept my key to open my house door on the table in the house. If I can get in the house by the door and take that key, why do I need the key when I am already in the house?

Once access is gained, the Admin Area is vulnerable, and access can easily be obtained; it's as simple as running a query to elevate another user to "Admin-`yes`", or just changing the MD5 hash for the existing password.

The point I am trying to make here is that Users need to secure their scripts so that html code/queries cannot be appended to the URI string.

The only reason those urls as mentioned in post #1 "work" is because they exploit a vulnerability in the script. They should not work, and should be 403 Forbidden.

As for why someone who hacked and gained access would want to further run codes and exploits/queries/JS/HTML, that's because they can continue their "backdoor" access and do with your site whatever they want, from using it as a botnet/spamming or to upload malicious malware/viruses/spyware and use it to further infect others. The options and reasons are endless.

See this for one such vulnerability (in case you missed in my last edited post):

Last edited by rive0108 : 03-04-2010 at 06:38 PM.

#14 | 03-04-2010, 10:48 AM | rive0108 | Senior Member | Join Date: Jun 2009 | Posts: 455

In the end though, to close this-


The <a href/> anchor tags/db query for the nested Category Links in Admin/Media (and via address bar) WILL NOT function in the GSS 4.5 version due to the hardening of the mysql_real_escape_string, and the mysql_real_escape_string(strip_tags), and other security improvements.

So, regardless of Coder0403's view on this issue, the new script version will break these, and prevent the html/query from being attached to the URI.

It will result in a 403 Forbidden.

I have made sure of that.

These links in admin/media will be fixed and rewritten to properly call a db query function.

You can see the result here of how it will be:
http://www.havocarcade.com/admin/ind...=sqlacces s-do

Last edited by rive0108 : 03-04-2010 at 11:08 AM.
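
Added example, not part of any post in this thread and not GameSiteScript code: one way to get the behaviour described in post #14, where a request with HTML or a query attached to the URI is refused with 403 and the category links go through a proper query function. The `cat` parameter, the `categories` table and the function names are hypothetical, and an in-memory SQLite database (constructed sample data) stands in for the site's MySQL.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the site's database: in-memory SQLite via PDO.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, parent INTEGER, name TEXT)');
    $db->exec("INSERT INTO categories VALUES (1, 0, 'Action'), (2, 1, 'Shooters'), (3, 1, 'Platformers')");
    return $db;
}

// Accept only a plain decimal category id; a value with markup, quotes
// or SQL appended fails the whole-string match and is rejected.
function parse_category_id(?string $raw): ?int {
    if ($raw === null || !preg_match('/^[0-9]{1,9}$/D', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Returns [HTTP status, body]. The id reaches the database only as a bound
// integer parameter, never by string concatenation.
function list_subcategories(PDO $db, ?string $rawId): array {
    $id = parse_category_id($rawId);
    if ($id === null) {
        return [403, 'Forbidden'];
    }
    $stmt = $db->prepare('SELECT name FROM categories WHERE parent = :parent ORDER BY id');
    $stmt->bindValue(':parent', $id, PDO::PARAM_INT);
    $stmt->execute();
    $items = [];
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $name) {
        // Encode on output so a stored name can never render as HTML.
        $items[] = '<li>' . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . '</li>';
    }
    return [200, '<ul>' . implode('', $items) . '</ul>'];
}

// Constructed request values for the hypothetical "cat" URL parameter.
$db = demo_db();
foreach (['1', '1 OR 1=1', '<a href=x>1</a>', null] as $raw) {
    [$status, $body] = list_subcategories($db, $raw);
    printf("%-18s => %d %s\n", var_export($raw, true), $status, $body);
}
```

In a real page the status would be sent with `http_response_code()` before any output; the functions return it here so the result can be inspected from the command line.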

#15 | 03-04-2010, 05:10 PM | coder0403 | Senior Member | Join Date: Apr 2007 | Posts: 171

Okay, thanks rive0108. Please remove the site above that you uploaded remview.

#16 | 03-04-2010, 05:55 PM | rive0108 | Senior Member | Join Date: Jun 2009 | Posts: 455

Quote:
Originally Posted by coder0403
Okay, thanks rive0108. Please remove the site above that you uploaded remview.

I uploaded nothing

#17 | 03-04-2010, 08:27 PM | FastTrack | Junior Member | Join Date: Aug 2008 | Posts: 22

Folks, it's good to have a friendly debate on the vulnerable possibilities. It's all for good so that the community is updated on the risks involved.

Anyways, I feel we should not take this discussion further as the community is now well aware of the risk involved.

__________________
GSS Mods - Gss Tweaks, Plug-ins, Fixes...
Game Arcade - Free Online Games
All times are GMT -8.

