Alex Posted July 15, 2006 Report Posted July 15, 2006 Modificatzi fisieru vulnerabil si introducetzi acest co intr-un loc gol: 1. <? if (isset ($pilih)) {include $pilih;} else {include "main.php";} ?> $pilih = $variable mail.php = some .php page 2. Securizatzi in Mambo: defined( '_VALID_MOS' ) or die( '5aa3b284dbb9a6c970f5d4f405d19c' ) _VALID_MOS = $variable Direct Access... = Your messegge 3. Securizare de PHPBB if ( !defined('IN_PHPBB') ) { die("You Are A LaMeR"); } IN_PHPBB = $variable You Are.... = you comment Alta secrizare: if (eregi ("http", $variable)){exit;} $variable = $variablee exit = exec mode Quote
SpLo1T Posted August 7, 2006 Report Posted August 7, 2006 ghici sorry ma refeream la scanner de root ! Quote
dark Posted September 3, 2006 Report Posted September 3, 2006 chiar, mai bine ai explicat cum prinz un root cu php  si dupaia "Cum securizezi un root...prins la php...." Quote
teh-method Posted May 9, 2007 Report Posted May 9, 2007 Well, exploituri pt. a obtine drept de root pe un php prins, aveti? Quote
clawmvp Posted May 9, 2007 Report Posted May 9, 2007 teh-method said: Well, exploituri pt. a obtine drept de root pe un php prins, aveti? http://milw0rm.com/poate te ajuta Quote
teh-method Posted May 9, 2007 Report Posted May 9, 2007 clawmvp said: teh-method said: Well, exploituri pt. a obtine drept de root pe un php prins, aveti? Expand http://milw0rm.com/ poate te ajuta Expand immm .. pe langa securitydot si packetstormsecurity, da! Apropo, poti fi mai precis in explicare securizarii? da un exemplu' cu vulnerabilitatea din smf.php Am reusit, dar se vede totu' alb .. vroiam sa scrie Patched! ;] Quote
