What kind of bug is this? - Web Application Security

mandi

I have been started to learning about basic web-application hacking,
Like others i have a lot of questions in my mind for which i can't able to find answers,so tought of asking here,hope members will understand this

now coming to the question

As a beginner i had scanned my target site with accunteix web scanner and crawled the site structure,the site does have a login page for members

I checked in the crawled list ,there is a link like this

http://www.target.com/admin.aspx

once i registered for a ordinary user account and logged in with that account and i entered the above url it gaved me access to the admin module,

here admin module doesn't means the cpanel access,it is some thing like management page of the students info,

i want to know what kind of bug is this?

is it possible to obtain a shell with this bug?

if any 1 interested to help me,please let me know...

hope members wont get annoyed of my questions , and i am also hoping that i will find some help here...

Sh3llc0d3

A) Using acunetix is a very 'loud' scanner other are much better. Any proficient webmaster would know if the host has been scanned with it. Crawling the site is also the same.

B) I think, without knowing the page, I'd say that you've found a site whic has given you certain privilidges, to upload a shell you'd have to find a way of executing arbitrary code (and then inject the shell onto the server) from your current user-group as it is currently or escalate your privilidges to administrator and then upload the shell. I think the latter will take more time but may prove less technical.

I think you should get a screenshot of the management page you speak of, blank url etc out if you want in paint. It'll give us more idea of where you are at the moment.

EDIT: PM me the URL if you want mate and I'll take a look, Xinapse would probably be a better opinion, he's shit hot with web app security.

Xin

Its hard to say without a real link, if you could post that i could give more info.

mandi

pm sent to "Xinapse" and "Semtex-Primed",hoping for some help/advice...

Sh3llc0d3

my pm contains:

bug details!
To: Semtex-Primed
undefined

Raise again and again until lambs become Lion..
Never give up !!!!

Please send again if you can :)

mandi

sorry mate,check now and let me know when ever possible.....

Sh3llc0d3

Ok, checked it out and looks like basic data-entry priviledges, you can add and remove entries to some sort of database. For an IT solutions provider it's very poor security. One idea may be that if it allows you to upload something such as a picture or something similiar through the admin panel, you 'may' be able to get away with uploading a shell and disguising it. I say may, because i've not checked it out that thoroughly. I'd be interested to hear what Xin thinks.

chroniccommand

said:

Ok, checked it out and looks like basic data-entry priviledges, you can add and remove entries to some sort of database. For an IT solutions provider it's very poor security. One idea may be that if it allows you to upload something such as a picture or something similiar through the admin panel, you 'may' be able to get away with uploading a shell and disguising it. I say may, because i've not checked it out that thoroughly. I'd be interested to hear what Xin thinks.

I've checked it out too and I can say that theres really no way to upload a shell on it. And it's the result of poor coding. Very poor coding.

Howdy, Stranger!

Top Posters

Who's Online (0)