tag:blogger.com,1999:blog-7709545987428077201.post3656129060461292139..comments2023-12-18T22:33:06.504-08:00Comments on Schmoilitos Way: Stealing Basic Auth with Persistent XSS - Part 2Mike Zusmanhttp://www.blogger.com/profile/12928702448334406855noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-7709545987428077201.post-76563927649970372722008-03-25T05:30:00.000-07:002008-03-25T05:30:00.000-07:00@weaktight: It's possible, but unlikely. There are...@weaktight: It's possible, but unlikely. There are a multitude of other attack vectors in PHP applications that could allow someone direct access to your source code.<BR/><BR/>Check out <A HREF="http://www.securereality.com.au/studyinscarlet.txt" REL="nofollow">http://www.securereality.com.au/studyinscarlet.txt</A>Mike Zusmanhttps://www.blogger.com/profile/12928702448334406855noreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-41941251911362024332008-03-24T20:56:00.000-07:002008-03-24T20:56:00.000-07:00I recently had my website hacked. They stole all ...I recently had my website hacked. They stole all my source code. Could this method have been used?weaktighthttps://www.blogger.com/profile/13747272723306563248noreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-82932095636435598762008-03-24T10:06:00.000-07:002008-03-24T10:06:00.000-07:00Thanks for the response.I should have thought of t...Thanks for the response.<BR/><BR/>I should have thought of the XSS problem. I've taken steps to prevent that from occurring.<BR/><BR/>Love your Blog. Wish more people would comment.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-8807352699333431012008-03-23T17:02:00.000-07:002008-03-23T17:02:00.000-07:00This will make it MUCH harder for an attacker to d...This will make it MUCH harder for an attacker to discover that the script is serving phpinfo() in the first place. <BR/><BR/>But the vulnerability will still be there. If you are coming from the appropriate IP, the attacker has control of your browser via XSS, and he knows the URL serving phpinfo(), then the attack will still work.<BR/><BR/>Thanks for the comment.Mike Zusmanhttps://www.blogger.com/profile/12928702448334406855noreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-23685262578214741432008-03-23T16:49:00.000-07:002008-03-23T16:49:00.000-07:00So would this also be a problem, if protected by b...So would this also be a problem, if protected by basic auth...assuming the attacker did not have access to your public IP?<BR/><BR/><?PHP<BR/>if ($_SERVER["REMOTE_ADDR"]=="000.000.000.000") {<BR/> echo "\r\n<br>";<BR/> echo phpinfo();<BR/>}else{<BR/> header("HTTP/1.1 403 Forbidden");<BR/> header("Connection: close");<BR/>}<BR/>?>Anonymousnoreply@blogger.com