Security vulnerability
Posted: Wed Aug 10, 2005 12:15 pm
Let's see how evil you guys are. What would you do if you find a security vulnerability on someone's web site, no matter how big or small?
Jcart wrote:
I generally would find the exploit and then report it.
I don't really see how you can not find an exploit by not trying it.

Exactly. Like if they accidentally are able to let me run Linux commands on the server, I would check to see if I could read the contents of the dir, which would be exploiting it, just to make sure. This would be harmless as I'm not doing anything, but I am exploiting it, and then I would tell them that I was able to do things.
nielsene wrote:
Well to me, finding a vulnerability implies either
1) code review of public code (open source), possibly with test on a local (reporter's own system)
2) A user, in the course of normal use, noticing that s/he was given access to something s/he shouldn't have access to
3) A user accidentally doing something and 2) (perhaps they edited a bookmark by accident, etc)

Thanks, I guess this is what was meant by the original question. In my opinion, all of these can also be defined as exploiting a vulnerability. Where the code resides, whether the exploit is intentional, and things like this don't alter my definition of exploit.
shiflett wrote:
Thanks, I guess this is what was meant by the original question. In my opinion, all of these can also be defined as exploiting a vulnerability. Where the code resides, whether the exploit is intentional, and things like this don't alter my definition of exploit.

Even case 1? I can understand some people still calling 2 and 3 exploits, even if unintentional. Case 1 is not an exploit, unless you consider all code audits/security work exploits.....
Interesting.
nielsene wrote:
Even case 1?

Yeah, what you call a test is a synonym for exploit (as I define it). Without exploiting a vulnerability at least once, it's difficult to verify that it's actually a vulnerability. Even when I review code, I can be pretty sure of a vulnerability sometimes, but I really need an exploit to verify it.
shiflett wrote:
Yeah, what you call a test is a synonym for exploit (as I define it). Without exploiting a vulnerability at least once, it's difficult to verify that it's actually a vulnerability. Even when I review code, I can be pretty sure of a vulnerability sometimes, but I really need an exploit to verify it.

I think you hit the nail on the head: It really comes down to a topicality issue - how are things defined?

Vulnerability
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

It's important to note that they don't clearly define attacks or exploits, and generally have broad definitions for both that, like you said, often include even testing. A poor choice on settings on a portscan can take certain equipment offline - if that doesn't constitute an attack or an exploit, I fail to understand what would, but it's clearly also just a test.