Web lists-archives.com

Re: Password policy.




So using the file uploader tool we can inject many more dangerous scripts and codes to gain higher access than just “reading” /etc/shadow if the uploader tool is running as privileged user or we gained privilege escalation another way.

Sent from my iPhone

> On Nov 14, 2018, at 7:20 PM, Andrew McGlashan <andrew.mcglashan@xxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> 
> 
>> On 14/11/18 9:28 pm, Corey Manshack wrote:
>> If they have /etc/shadow why would they need to brute force :) I can’t think of a vuln that would give that up without them already having root.
> 
> A website file uploader tool, apparantly there has been one there for
> about 10 years using jquery.  Once the file is uploaded, it can be
> leveraged to steel other files that the website shouldn't have access to.
> 
> That's just one example.  I'm sure there are many others.
> 
> A.