 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 64
 Members: 0
 Total: 64
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Remote file inclusion prob ;/ |
|
 Posted: Sun Jun 12, 2005 9:03 pm |
 |
|
| faifas |
| Regular user |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 8 |
|
|
|
 |
|
 |
|
Heyz, i found a website thats has a remote file inclusion bug. Let me show it to u 
http://www.dumbsite.com/guest.php?archyvas='
Warning: file(): Unable to access archyvas'.txt in /home/***/public_html/lt/guest.php on line 136
Warning: file(archyvas'.txt): failed to open stream: No such file or directory in /home/***/public_html/lt/guest.php on line 136
.txt isn't a prob:
http://www.dumbsite.com/guest.php?archyvas=weeeeeeee.php%00
Warning: file(): Unable to access archyvasweeeeeeee.php in /home/***/public_html/lt/guest.php on line 136
Warning: file(archyvasweeeeeeee.php): failed to open stream: No such file or directory in /home/***/public_html/lt/guest.php on line 136
so we got rid of .txt, but how to get rid of archyvas?
Warning: file(): Unable to access archyvasweeeeeeee.php in
thats a question!
btw already googled  help needed. First time i'm in this case |
|
|
|
|
|
|
|
|
| Posted: Sun Jun 12, 2005 11:27 pm |
|
|
| erg0t |
| Valuable expert |
|
|
| Joined: Apr 08, 2005 |
| Posts: 55 |
| Location: Uruguay |
|
|
|
|
|
|
first: isn't inclusion.
second: can't post urls with vulns |
|
|
|
|
| Posted: Mon Jun 13, 2005 5:52 am |
|
|
| faifas |
| Regular user |
|
|
| Joined: Feb 25, 2005 |
| Posts: 8 |
|
|
|
|
|
|
|
| it isn't real url ~ |
|
|
|
|
|
helo, all.... (hoe to execute command unix in phpbb) |
|
| Posted: Mon Jun 13, 2005 11:44 am |
|
|
| cow_1seng |
| Beginner |
 |
|
| Joined: May 10, 2005 |
| Posts: 1 |
| Location: indonesia |
|
|
|
|
|
|
heloo all, can help me to teach, how to execute command in phpbb ?
if have bug in phpbb, where the hole please teach me all...
thank.....
cow_1seng |
|
|
|
|
| Posted: Tue Jun 14, 2005 7:51 pm |
|
|
| faifas |
| Regular user |
|
|
| Joined: Feb 25, 2005 |
| Posts: 8 |
|
|
|
|
|
|
|
| well say what type of bug it is and where? u can do different things with different type of bugs. |
|
|
|
|
| Posted: Wed Jun 15, 2005 1:35 pm |
|
|
| erg0t |
| Valuable expert |
|
|
| Joined: Apr 08, 2005 |
| Posts: 55 |
| Location: Uruguay |
|
|
|
|
|
|
| faifas wrote: | | well say what type of bug it is and where? u can do different things with different type of bugs. |
is ca call to file() so you can read files of the victim (isn't very util since you only can read files that you have permision to access) |
|
|
|
|
| Posted: Thu Jun 16, 2005 8:00 am |
|
|
| faifas |
| Regular user |
|
|
| Joined: Feb 25, 2005 |
| Posts: 8 |
|
|
|
|
|
|
|
| so no1 have any idea how to drop that "archive" ? |
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
