BugTraq
PHP-Post Exploit Mar 18 2005 10:54AM
Terencentanio Enache (terencentanio root32 com)


~ PHOX: PHP-Post Exploit ~

###
# Content
###

- Credits
- BICWAE
- Solution
- Contact

###
# Credits
###

Exploit discovered by Phoxpherus (Phorce), Phox (R&P), Terencentanio (Root32)
Thanks to SilentWolf for the name (BICWAE) ... lmao

###
# BICWAE - Bypassing Input Check With Alternate Entries
###

It's possible to 'spoof' your user identity using alternate characters.

Using the user "Dave" for example (who is an admin at the official site), if we go to the registration page and try to sign up as "Dave"... no dice. However, if we sign up as "Dave"... dice.

Now, we can login as "Dave" and every time someone views our username, it'll be displayed as "Dave".

You may ask what use this is, as it can't grant access to anything in particular, but if you were going to SE your way in, this would be a _VERY_ helpful tool. I aren't going to go into the methods, reason speaks for itself.

###
# Solution
###

You can filter the input either by using:

str_replace("&#", "");

or

str_replace("&", "&")

... or anything else, I suppose. These are just 2 that spring to mind.

###
# Contact
###

Email: terencentanio.enache (at) btopenworld (dot) com [email concealed]
MSN: al_bhed_brother (at) microsoft (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus