 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 231
 Members: 0
 Total: 231
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Technical null byte %00 [Resolved] |
|
 Posted: Sun Jun 29, 2008 9:39 am |
 |
|
| black-flag |
| Regular user |
 |
|
| Joined: Jun 28, 2008 |
| Posts: 8 |
|
|
|
 |
|
 |
|
Greeting
there is there any requirement in web server or php.ini to exploit LFI with using Technical null byte %00 ???
| Code: |
http://localhost/lab/hack/script_test/02.php?page=hello.php%00
|
| Code: |
Warning: include(hello.php\0.php) [function.include]: failed to open stream: No such file or directory in /var/www/lab/hack/script_test/02.php on line 6
|
| Code: |
<?php
if (isset($_GET['page']))
$page = $_GET['page'];
else
$page = "main";
if(!include($page.".php"))
{
echo "Die Seite existiert nicht!";
}
?>
|
thank you  |
|
Last edited by black-flag on Fri Jul 04, 2008 7:59 pm; edited 1 time in total |
|
|
|
| Posted: Sun Jun 29, 2008 4:00 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Jun 30, 2008 8:08 am |
|
|
| black-flag |
| Regular user |
|
|
| Joined: Jun 28, 2008 |
| Posts: 8 |
|
|
|
|
|
|
|
thank you;
i looking to test all kind of web vulnerability, in this case i want to test Technical null byte %00
thank you again |
|
|
|
|
|
I need your help plz :) |
|
| Posted: Thu Jul 03, 2008 8:11 pm |
|
|
| black-flag |
| Regular user |
|
|
| Joined: Jun 28, 2008 |
| Posts: 8 |
|
|
|
|
|
|
|
Hi,
Anybody can explain me why Technical null byte %00 does not wrork ??
thank you |
|
|
|
|
| Posted: Fri Jul 04, 2008 4:12 am |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| With this simple question try to ask google. |
|
|
|
|
| Posted: Fri Jul 04, 2008 10:44 am |
|
|
| black-flag |
| Regular user |
|
|
| Joined: Jun 28, 2008 |
| Posts: 8 |
|
|
|
|
|
|
|
| koko wrote: | | With this simple question try to ask google. |
is already done, I did not find what its the requirements of this technical, if you think that I'm very beginer and I distrube you by my stupid questions plz show me the way to an other website and I will leave you
thank you again |
|
|
|
|
| Posted: Fri Jul 04, 2008 11:34 am |
|
|
| siurek22 |
| Regular user |
|
|
| Joined: May 31, 2008 |
| Posts: 13 |
|
|
|
|
|
|
|
| null byte is work only in older version php in new %00 is replace on \0 or \00 |
|
|
|
|
| Posted: Fri Jul 04, 2008 12:22 pm |
|
|
| black-flag |
| Regular user |
|
|
| Joined: Jun 28, 2008 |
| Posts: 8 |
|
|
|
|
|
|
|
| siurek22 wrote: | | null byte is work only in older version php in new %00 is replace on \0 or \00 |
thank you
plz can you tell me which version of php don't control null byte ?
and there is any setting (php.ini) to desible/enable this control |
|
|
|
|
| Posted: Fri Jul 04, 2008 7:57 pm |
|
|
| black-flag |
| Regular user |
|
|
| Joined: Jun 28, 2008 |
| Posts: 8 |
|
|
|
|
|
|
|
| black-flag wrote: | | siurek22 wrote: | | null byte is work only in older version php in new %00 is replace on \0 or \00 |
thank you
plz can you tell me which version of php don't control null byte ?
and there is any setting (php.ini) to desible/enable this control |
ok I find the answer
Null byte does not work when magic_quotes enabled.
tahnk you koko,siurek22 |
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
