Waraxe IT Security Portal
Login or Register
October 20, 2025
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 312
Members: 0
Total: 312
Full disclosure
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> How to upload a php file to the server?
Post new topicReply to topic View previous topic :: View next topic
How to upload a php file to the server?
PostPosted: Sun Dec 09, 2007 10:38 pm Reply with quote
gtal3x
Active user
Active user
Joined: Dec 03, 2007
Posts: 33
Location: Ukraine




Hello everyone, i am a bit new to this one...
I wont to upload my own php file to the server, can you give me any example how to do this? The only way thats this server accepts uploading is throu the image section... And the validating is done with php so it doesnt allows me to upload anythin else then image, Any idea how to bypass this?
I searched google but only found a well known bugs for some forums and etc... This site that i am trrying to hack got no forums or software that i know of...
Thanks for any advice!
View user's profile Send private message
PostPosted: Sun Dec 09, 2007 11:44 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Посмотри на соседей.Всегда есть такие.
View user's profile Send private message
PostPosted: Mon Dec 10, 2007 1:21 am Reply with quote
akens
Regular user
Regular user
Joined: Dec 06, 2007
Posts: 22




Try out other options
View user's profile Send private message
PostPosted: Mon Dec 10, 2007 10:28 pm Reply with quote
gtal3x
Active user
Active user
Joined: Dec 03, 2007
Posts: 33
Location: Ukraine




koko wrote:
Посмотри на соседей.Всегда есть такие.

соседи = другие сайти на сервере?
View user's profile Send private message
PostPosted: Tue Dec 11, 2007 1:31 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Да на других сайтах которъе на серваке посмори.Если есть такие конечно.
View user's profile Send private message
PostPosted: Wed Dec 12, 2007 3:56 am Reply with quote
gtal3x
Active user
Active user
Joined: Dec 03, 2007
Posts: 33
Location: Ukraine




Quote:
Да на других сайтах которъе на серваке посмори.Если есть такие конечно.

А какой самий лутший метод нахадит сколка сайтов на сервере? Пару дней назат я вставил IP етого саита на какомто поискавике(нашол здесь), но мне нечево не нашло... Как понят какая ип самая главная на сервере?

The site I am trying to hack seems to be using a simple PHP validation. Its only checks the files extention. I guess the script should look something like this:
Code:
$ext = substr($filename, strrpos($filename, '.') + 1);
if ($ext == "jpg") {
echo"Uploaded!";
}else { $error .= "Wrong Filename"; }

Is there any known way to expose this? Obviously i am able to upload php files with jpg extension... Is there anyway i can rename those files while they are on server?
View user's profile Send private message
PostPosted: Wed Dec 12, 2007 10:40 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




run>>cmd

Ping victim.com

Then go here:
http://domainsdb.net/64.193.62.130
or here
http://www.seologs.com/ip-domains.html

And type IP.No you can't rename files on server except if you have shell.
View user's profile Send private message
PostPosted: Wed Dec 12, 2007 2:37 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




gtal3x wrote:
Quote:
Да на других сайтах которъе на серваке посмори.Если есть такие конечно.

А какой самий лутший метод нахадит сколка сайтов на сервере? Пару дней назат я вставил IP етого саита на какомто поискавике(нашол здесь), но мне нечево не нашло... Как понят какая ип самая главная на сервере?

The site I am trying to hack seems to be using a simple PHP validation. Its only checks the files extention. I guess the script should look something like this:
Code:
$ext = substr($filename, strrpos($filename, '.') + 1);
if ($ext == "jpg") {
echo"Uploaded!";
}else { $error .= "Wrong Filename"; }

Is there any known way to expose this? Obviously i am able to upload php files with jpg extension... Is there anyway i can rename those files while they are on server?


Can you post all the src code from upload script? Maybe there are some possibilities, you never know ...
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Dec 12, 2007 5:30 pm Reply with quote
gtal3x
Active user
Active user
Joined: Dec 03, 2007
Posts: 33
Location: Ukraine




waraxe wrote:
Can you post all the src code from upload script? Maybe there are some possibilities, you never know ...


Sadly i dont have a src code, but I am only guessing what it looks like...
By the way... I have access to their ftp server, but with username thats i am able to login, there is no www directory there... also i tried logging in with SSH seens i have got an account there... It does logs me in but then as soon as the message comes "Your last login: MON ... from myhost.com" the connection dies... no error at all... I am very confused!
Thanks again for your replys!
View user's profile Send private message
PostPosted: Wed Dec 12, 2007 6:30 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Если нет www че тода есть там?Сделай листинг диров если можно.Про ssh не очень понял.Тъй конектишся но тебя въбрасъвает или?Если логин:пароль для ssh не рутовские то тебя логирует в логах что тъй входил.
View user's profile Send private message
PostPosted: Wed Dec 12, 2007 7:54 pm Reply with quote
gtal3x
Active user
Active user
Joined: Dec 03, 2007
Posts: 33
Location: Ukraine




koko wrote:
Если нет www че тода есть там?Сделай листинг диров если можно.Про ssh не очень понял.Тъй конектишся но тебя въбрасъвает или?Если логин:пароль для ssh не рутовские то тебя логирует в логах что тъй входил.


Там очен много файлов, но все они или фильми или музыка... Я не нашол там не один файл который можно скачать через сайт... Как я понял, они зделали левого юзера на сервере каторий на имеет не кокой связи с сайтом, на катором они просто обмениваются файлами мезду собой. А бот это я палучаю когда захазу через SSH:
Code:
login as: (myuser)
Using keyboard-interactive authentication.
Password:
Linux (somehost) 2.6.18-028test015.1+31-ovz-smp #1 SMP Tue Feb 6 20:33:47 CET 2007 x86_64 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Wed Dec 12 22:49:12 2007 from (my host here)

So everything looks fine! However after this i am getting disconnected!
View user's profile Send private message
PostPosted: Wed Dec 12, 2007 8:12 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Так.С соседей что получилось?На их сайте какой нить движок или все самописное?
View user's profile Send private message
PostPosted: Thu Dec 13, 2007 1:03 am Reply with quote
gtal3x
Active user
Active user
Joined: Dec 03, 2007
Posts: 33
Location: Ukraine




koko wrote:
Так.С соседей что получилось?На их сайте какой нить движок или все самописное?

Кстати тока шяс замаетил что у них есть форум PHPBB2... Незнаеш как ат туда зделать upload? У меня па идее узе есть md5 пароль модератора все что осталось зделать ето его крякнуть... узе 3й чяс крякаю и всё не как не крякнется...
View user's profile Send private message
PostPosted: Thu Dec 13, 2007 1:23 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




gtal3x wrote:
koko wrote:
Так.С соседей что получилось?На их сайте какой нить движок или все самописное?

Кстати тока шяс замаетил что у них есть форум PHPBB2... Незнаеш как ат туда зделать upload? У меня па идее узе есть md5 пароль модератора все что осталось зделать ето его крякнуть... узе 3й чяс крякаю и всё не как не крякнется...


Post you hash here Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Dec 13, 2007 1:27 am Reply with quote
gtal3x
Active user
Active user
Joined: Dec 03, 2007
Posts: 33
Location: Ukraine




waraxe wrote:
gtal3x wrote:
koko wrote:
Так.С соседей что получилось?На их сайте какой нить движок или все самописное?

Кстати тока шяс замаетил что у них есть форум PHPBB2... Незнаеш как ат туда зделать upload? У меня па идее узе есть md5 пароль модератора все что осталось зделать ето его крякнуть... узе 3й чяс крякаю и всё не как не крякнется...


Post you hash here Smile


Thanks for quick reply Smile
3c0a7f7d5e9a14bea5621c3622b0a780
and if this uncrackble...
65efb79bfd80ad92970c3d4f58cc5bdc
View user's profile Send private message
How to upload a php file to the server?
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



PCWizardHub - Helping you fix, build, and optimize your PC life
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.036 Seconds