Good day, everyone. I'm new here and couldn't find a section for beginners. Here's the thing: I need to somehow upload a shell to a host. I scanned it and here is what I found:

Code:
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/2.0.50 (Linux/SUSE)
- Retrieved X-Powered-By header: PHP/4.3.8
+ /robots.txt - contains 1 'disallow' entry which should be manually viewed (added to mutation file lists) (GET).
+ PHP/4.3.8 appears to be outdated (current is at least 5.0.3)
+ Apache/2.0.50 appears to be outdated (current is at least Apache/2.0.54). Apache 1.3.33 is still maintained and considered secure.
+ 2.0.50 (Linux/SUSE) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed. (GET)
+ /manual/images/ - Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled. (GET)
+ /cgi-bin//htsearch?exclude=%60/etc/passwd%60 - htsearch may reveal file system paths. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /manual/ - Web server manual? tsk tsk. (GET)
+ /phpBB2/includes/db.php - Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET)
+ /phpBB2/search.php?search_id=1\", - Redirects to install/install.php , phpBB 2.06 search.php is vulnerable to SQL injection attack. Error page also includes full path to search.php file.
+ /css - Redirects to http://hack-site/css/ , This might be interesting. ..
+ /stats/ - Redirects to http://hack-site/stats/0.php , This might be interesting...
+ /web/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?topic=&lt;script&gt;alert(document.cookie)&/script&gt;%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 20 item(s) found on remote host(s)

I also found this; it shows a request for the game servers' "stats":

Code:
Warning: imagecolorallocate(): supplied argument is not a valid Image resource in /srv/www/htdocs/stats/includes/panachart.php on line 57

The open ports are these:

PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
111/tcp   open     rpcbind
135/tcp   filtered msrpc
14534/tcp open     unknown
27015/tcp open     unknown

So what next, how do I upload a shell? Thanks for any information.

I checked: this phpBB2 has only been uploaded, it isn't even installed. Here is what's in the web directory:

Code:
SQL Error in query string: SET `collation_connection`='utf8_general_ci', `collation_database`='utf8_general_ci', `collation_server`='utf8_general_ci', CHARACTER SET utf8, NAMES 'utf8'
MYSQL Error: Unknown system variable 'collation_connection'

What could this mean?