[nycphp-talk] [OT] XSS, Joomla & Remote Shells
Ben Sgro (ProjectSkyline)
ben at projectskyline.com
Thu Jun 28 15:21:27 EDT 2007
Hello again,
I've always had an interest in security. Not too long ago a friend was looking
into deploying joomla for a client. He's a pentester/researcher for a very well
educated and influential firm = ] , so he had to make sure it was going to be secure.
He started researching and found that many joomla installs had/have been comprimised
via XSS attacks.
Today, he posted the link of a site that had been owned by XSS and the crackers installed this
web based backdoor script.
I grabbed the script and included it here http://www.projectskyline.com/phplist/r57shell.txt
to show PHP developers AGAIN how important security is and give us an inside look at
some of the tools our enemies are armed with.
For those that deploy joomla, this is especially something to watch for.
For everyone else, just something to checkout.
You'll notice this script enables:
- Mail to be sent out (w/or w/out files attached)
- Commands to be run.
- Search for SUID, writable directories, files, tmp files., .(files) ...
- Outgoing connections to be established
- Some kind of IRC implementation
- SQL to be run
- Files can be downloaded and uploaded
- and much, much more.
- Ben
Ben Sgro, Chief Engineer
ProjectSkyLine - Defining New Horizons
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070628/a740c470/attachment.html>
More information about the talk
mailing list