 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 516
 Members: 0
 Total: 516
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Security Test |
|
 Posted: Wed May 10, 2006 4:12 pm |
 |
|
| TapDunk |
| Beginner |
 |
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
 |
|
 |
|
Testing the security of a target website. If target.com has exploit where request is not validated how can I defeat with remote file inclusion. Is there a tool available that does that.
Example:
http://target.com/index.php?mod= is susceptible to multiple injections. That returns this error.
| Quote: | Warning: main(extensions/.php): failed to open stream: No such file or directory in /home/username/public_html/index.php on line 156
Warning: main(extensions/.php): failed to open stream: No such file or directory in /home/username/public_html/index.php on line 156
Warning: main(): Failed opening 'extensions/.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/username/public_html/index.php on line 156 |
How can I enter server with such an exploit? Open to suggestions. |
|
|
|
|
|
|
|
|
| Posted: Wed May 10, 2006 4:22 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
This seems to be potential local file inclusion bug.
Try for example:
| Code: |
http://target.com/index.php?mod=../index
http://target.com/index.php?mod=../../../../../../../../../../../../etc/passwd%00
|
and check "extensions" directory for possible listing:
| Code: |
http://target.com/extensions/
|
|
|
|
|
|
| Posted: Wed May 10, 2006 5:31 pm |
|
|
| TapDunk |
| Beginner |
|
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
|
|
|
|
Ok thanx for that. Server protected by SecurePHPx. Script blocked to prevent further abuse or action.
How did I get around that? |
|
|
|
|
| Posted: Wed May 10, 2006 5:41 pm |
|
|
| TapDunk |
| Beginner |
|
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
|
|
|
|
When I try the first injection I get this err tho.
| Quote: | | Fatal error: Cannot redeclare rendertable_interface() (previously declared in /home/username/public_html/ADMIN/Utils.php:90) in /home/username/public_html/ADMIN/Utils.php on line 89 |
|
|
|
|
|
|
|
|
|
| Posted: Wed May 10, 2006 8:37 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| TapDunk wrote: | When I try the first injection I get this err tho.
| Quote: | | Fatal error: Cannot redeclare rendertable_interface() (previously declared in /home/username/public_html/ADMIN/Utils.php:90) in /home/username/public_html/ADMIN/Utils.php on line 89 |
|
You see - new pieces of information are popping up 
This type of bug is not very easy to exploit. It all depends on software environment and other factors.
There are lots of various advisories about local file inclusion bugs:
http://www.google.com/search?hl=en&lr=&q=php+local+file+inclusion&btnG=Search
I suggest to try to include different files, analize error messages, try to determine software platform and if it's opensource, download source code and search for bugs. Determine, if "magic_quotes" is on or off. If it's off, then "poison null" should work and because that stupid "SecurePHPx" is filtering GET requests, use POST operation to deliver file names. |
|
|
|
|
|
|
|
|
| Posted: Wed May 10, 2006 8:45 pm |
|
|
| TapDunk |
| Beginner |
|
|
| Joined: Apr 30, 2006 |
| Posts: 4 |
|
|
|
|
|
|
|
ok thnx man  |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
