| 
  
        |  |  |  
      
        |  |  
  | 
  
    | 
	|  | Menu |  |  
     
     | 
      
       | 
        
         | 
          
           | 
						|  |  |  Home |  |  |  |  |  |  |  |  Discussions |  |  |  |  |  |  |  |  Tools |  |  |  |  |  |  |  |  Affiliates |  |  |  |  |  |  |  |  Content |  |  |  |  |  |  |  |  Info |  |  |  |  |  |  |  |  |  |  
  
    | 
	|  | User Info |  |  
     
     | 
      
       | 
        
         | 
          
           |  Membership: 
  Latest: MichaelSnaRe 
  New Today: 0 
  New Yesterday: 0 
  Overall: 9144 
 
  People Online: 
  Visitors: 82 
  Members: 0 
  Total: 82 
 |  |  |  |  |  
  
    | 
	|  | Full disclosure |  |  |  | 
  
    | 
	|  |  |  |  
        
          | 
              
                | 
                    
                      | 
                          
                            | 
	| 
	
		|  |  |  
		|  | IT Security and Insecurity Portal |  |  
 
	|  | Technical null byte %00 [Resolved] |  |  
	| 
	
		|  Posted: Sun Jun 29, 2008 9:39 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| black-flag |  | Regular user |  |  
  |  |  |  | Joined: Jun 28, 2008 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Greeting there is there any requirement in web server or php.ini to exploit LFI with using Technical null byte %00 ???
 
 
  	  | Code: |  	  | http://localhost/lab/hack/script_test/02.php?page=hello.php%00
 
 | 
 
 
  	  | Code: |  	  | Warning: include(hello.php\0.php) [function.include]: failed to open stream: No such file or directory in /var/www/lab/hack/script_test/02.php on line 6
 
 | 
 
 
  	  | Code: |  	  | <?php
 if (isset($_GET['page']))
 $page = $_GET['page'];
 else
 $page = "main";
 if(!include($page.".php"))
 {
 echo "Die Seite existiert nicht!";
 }
 ?>
 
 | 
 
 thank you
  |  |  
		| 
		
			| 
 Last edited by black-flag on Fri Jul 04, 2008 7:59 pm; edited 1 time in total
 |  |  |  
	|  |  
	| 
	
		|  Posted: Sun Jun 29, 2008 4:00 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| pexli |  | Valuable expert |  |  
  |  |  |  | Joined: May 24, 2007 |  | Posts: 665 |  | Location: Bulgaria |  |  
 
 |  |  
			|  |  |  
 
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Mon Jun 30, 2008 8:08 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| black-flag |  | Regular user |  |  
  |  |  |  | Joined: Jun 28, 2008 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| 
 thank you;
 i looking to test all kind of web vulnerability, in this case i want to test Technical null byte %00
   thank you again
  |  |  
		|  |  |  
	|  |  
	|  | I need your help plz :) |  |  
	| 
	
		|  Posted: Thu Jul 03, 2008 8:11 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| black-flag |  | Regular user |  |  
  |  |  |  | Joined: Jun 28, 2008 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Hi, Anybody can explain me why Technical null byte %00 does not wrork ??
 thank you
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Fri Jul 04, 2008 4:12 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| pexli |  | Valuable expert |  |  
  |  |  |  | Joined: May 24, 2007 |  | Posts: 665 |  | Location: Bulgaria |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| With this simple question try to ask google. |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Fri Jul 04, 2008 10:44 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| black-flag |  | Regular user |  |  
  |  |  |  | Joined: Jun 28, 2008 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | koko wrote: |  	  | With this simple question try to ask google. | 
 is already done, I did not find what its the  requirements of this technical, if you think that I'm very beginer and I distrube you by my stupid questions plz show me the way to an other website and I will leave you
 thank you again
  |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Fri Jul 04, 2008 11:34 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| siurek22 |  | Regular user |  |  
  |  |  |  | Joined: May 31, 2008 |  | Posts: 13 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| null byte is work only in older version php in new %00 is replace on \0 or \00 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Fri Jul 04, 2008 12:22 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| black-flag |  | Regular user |  |  
  |  |  |  | Joined: Jun 28, 2008 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| thank you 	  | siurek22 wrote: |  	  | null byte is work only in older version php in new %00 is replace on \0 or \00 | 
 plz can you tell me which version of php don't control null byte ?
 and there is any setting (php.ini) to desible/enable this control
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Fri Jul 04, 2008 7:57 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| black-flag |  | Regular user |  |  
  |  |  |  | Joined: Jun 28, 2008 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | black-flag wrote: |  	  | thank you 	  | siurek22 wrote: |  	  | null byte is work only in older version php in new %00 is replace on \0 or \00 | 
 plz can you tell me which version of php don't control null byte ?
 and there is any setting (php.ini) to desible/enable this control
 | 
 
 
 ok I find the answer
 Null byte does not work when magic_quotes enabled.
 tahnk you koko,siurek22
 |  |  
		|  |  |  
	|  |  
	| www.waraxe.us Forum Index -> Remote file inclusion 
 
	
		| You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 | All times are GMT Page 1 of 1
 
 |  |  
	|  |  
 Powered by phpBB © 2001-2008 phpBB Group
 
 
 
 
 |  |  |  |  |  |  |