 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 90
 Members: 0
 Total: 90
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Help: PHP Injection - Finding Vuln Pages! |
|
 Posted: Sun Sep 11, 2005 1:26 pm |
 |
|
| Pouya |
| Regular user |
 |
|
| Joined: Sep 11, 2005 |
| Posts: 6 |
|
|
|
 |
|
 |
|
Hi,
i'm new here 
I like that forum very.
I have a question:
i have a cmd for php injection:
http://usuarios.lycos.es/adm/lollll.txt.
It's a php command/safemode exploit!
Do you guys know, how to find pages, which are vuln and which can be exploited with that cmd?
Thx very much!!!!! |
|
|
|
|
| Posted: Mon Sep 12, 2005 7:06 pm |
|
|
| Pouya |
| Regular user |
|
|
| Joined: Sep 11, 2005 |
| Posts: 6 |
|
|
|
|
|
|
|
can anyone help me plz?!?
THX! |
|
|
|
|
| Posted: Tue Sep 13, 2005 11:40 am |
|
|
| Chb |
| Valuable expert |
 |
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
I'd say the exploit you have posted is an exploit for SAFEMODE-Restriction. The SAFEMODE-Restriction is a parameter of PHP (you can set it in the php.ini) which restricts access for files which have not the same owner like the running script. That means that you can't access files like /etc/passwd (see also open_basedir-Restriction).
This is no bug which makes a shell for you or something similar... You need the opportunity to upload PHP-Scripts or something like this. Your exploit seems to be a Shell which bypasses the SAFEMODE.
Greetz,
Chb |
|
|
|
|
| Posted: Tue Sep 13, 2005 2:15 pm |
|
|
| Pouya |
| Regular user |
|
|
| Joined: Sep 11, 2005 |
| Posts: 6 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Sep 15, 2005 9:27 am |
|
|
| Chb |
| Valuable expert |
|
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
Ah, remote includebug  Sorry, I thought of local includebug.
| Quote: | | But HOW can i find pages which has the php injection bug, so i can use that exploit to upload files? |
Hmhm... You can't describe an universal way. But sites which parameters contains full filenames may be vulnerable. E.g. "index.php?site=news.php" might be vulnerable. |
|
|
|
|
| Posted: Thu Sep 15, 2005 5:28 pm |
|
|
| Pouya |
| Regular user |
|
|
| Joined: Sep 11, 2005 |
| Posts: 6 |
|
|
|
|
|
|
|
| is there another way to find vuln php pages?? Can anyone gives me tips on google'ing some vuln pages or a tool which scans for vuln pages? |
|
|
|
|
| Posted: Fri Sep 16, 2005 1:48 pm |
|
|
| LINUX |
| Moderator |
 |
|
| Joined: May 24, 2004 |
| Posts: 404 |
| Location: Caiman |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
