Re: Password policy.
- Date: Wed, 14 Nov 2018 19:25:55 +0800
- From: Corey Manshack <corey@xxxxxxxxxxx>
- Subject: Re: Password policy.
So using the file uploader tool we can inject many more dangerous scripts and codes to gain higher access than just “reading” /etc/shadow if the uploader tool is running as privileged user or we gained privilege escalation another way.
Sent from my iPhone
> On Nov 14, 2018, at 7:20 PM, Andrew McGlashan <andrew.mcglashan@xxxxxxxxxxxxxxxxxxxxx> wrote:
>> On 14/11/18 9:28 pm, Corey Manshack wrote:
>> If they have /etc/shadow why would they need to brute force :) I can’t think of a vuln that would give that up without them already having root.
> A website file uploader tool, apparantly there has been one there for
> about 10 years using jquery. Once the file is uploaded, it can be
> leveraged to steel other files that the website shouldn't have access to.
> That's just one example. I'm sure there are many others.