
admin wrote: Welcome to my blog; this page is vulnerable to a few different things.
1) Of course, XSS
Yes, the textarea is vulnerable; try it out.
2) RFI - Remote File Inclusion
Through the use of RFI an attacker can specify an external file to be included in the page through the address bar. Misconfigured servers that allow URL page access will allow you to access a page stored on another website. For instance, erase everything after the = sign and type http://www.milw0rm.com.
It should look like this: http://owaspbwa/ghost/iframe.php?page=http://www.milw0rm.com
As you can see, milw0rm loads in this page.
3) LFI - Local File Inclusion
Through the use of LFI, an attacker could possibly view pages that they weren't meant to see. For instance, this string from your address bar right now: ?page=form.php. If you erase everything after the = sign and type in the name of another file on the site, it will load in the browser. Let's try it. Type in ?page=index.php. As you can see, the original textarea is still there, and it loads the login page.
4) Iframe Injection - The whole site is vulnerable to iframe injection. This will be the first spot that I will cover it. Iframe injection is very simple; let's give it a go. In the textarea type <iframe src='http://www.milw0rm.com'></iframe>
As you can see, there is a new frame inside of the page with milw0rm loaded inside of it. Many iframe injections cannot be seen; this can be done by adding visibility='hidden' or height='0' and width='0'. Invisible iframes riddle many websites; they are used to inject viruses, spread worms, perform clickjacking, steal credentials, or possibly to gain a shell through exploit code that implements reverse TCP connections or possibly uploads a backdoor to a visitor's computer. More about this on many websites that cover using netcat or metasploit.
5) HTML / Form Injection - You can inject a form, or any other HTML tag, into this blog. I tested it with the cookieMonster.php program I made; this can be a way for an attacker to steal credentials, perform clickjacking, or just about any other attack one could think of.
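The post above describes two root causes: a page loader that passes the ?page= value straight to include() (RFI and LFI), and a blog that echoes posted text without encoding (XSS, iframe and form injection). The following is an added example, not code from the OWASP BWA "Ghost" application; it assumes the original loader resembles include($_GET['page']) and shows an allowlisted loader plus HTML-encoded post rendering that closes all five issues.

```php
<?php
// Added example (not the Ghost app's own code). ASSUMPTION: the original
// iframe.php does roughly `include($_GET['page'])` and prints posts raw.

// Hardened page loader: user input selects a KEY, never a path or URL.
// ?page=http://www.milw0rm.com or ?page=../../etc/passwd matches no key
// and is refused, which closes both RFI and LFI in one place.
function page_table(): array
{
    return [
        'form'  => __DIR__ . '/form.php',
        'index' => __DIR__ . '/index.php',
    ];
}

function resolve_page(?string $requested): ?string
{
    $key = $requested ?? 'form';            // default page when none given
    return page_table()[$key] ?? null;       // null = not allowlisted
}

function render_page(?string $requested): string
{
    $path = resolve_page($requested);
    if ($path === null) {
        http_response_code(404);
        return 'Unknown page';
    }
    ob_start();
    include $path;                           // only allowlisted files reach include()
    return (string) ob_get_clean();
}

// Safe rendering of a blog post: HTML-encode before output so that
// <iframe ...>, <form ...>, <script> and quotes become inert text.
function render_post(string $author, string $body): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $esc($author) . ' wrote:</b> ' . nl2br($esc($body)) . '</p>';
}

echo render_page($_GET['page'] ?? null);
// The injected tag from the post renders as visible text, not as a frame.
echo render_post('guest', "<iframe src='http://www.milw0rm.com'></iframe>");
```

Pair the loader with allow_url_include=Off in php.ini so that even a future coding mistake cannot pull remote code through include(); the allowlist is the fix, the ini setting is the backstop.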
Developed By: Gh0$7