Donate to us via Paypal!
Ideas are far more powerful than guns.
Tuesday, October 27, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 127
Guests Online: 125
Members Online: 2

Registered Members: 129433
Newest Member: jessievd69
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

Exploiting


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 12:15
I want to get access to one site, and i found the way to read all files from that site, and i found some very interesting php file!


This is pics of that php file

http://www.freewebtown.com/mefisto/file.jpg


The problem is I can only list folder "downloads", if i try to go up one directory to list the home folder i get errror message "Illegal path specified, ignoring"


the url looks like http://site.com/folder1/file.php?path=

i tried everything

http://site.com/folder1/file.php?path=../
http://site.com/folder1/file.php?path=../somefolder/
http://site.com/folder1/file.php?path=..../


i forget how you can list directories from the url, i tried something like this

http://site.com/folder1/file.php?path=|ls -la|


and some other things but with no lucky!


btw this is the source code of that php file, and if you have time to look and tell me is this file exploitable, i`m sure it is!?

http://www.freewebtown.com/mefisto/file.txt

Author

RE: Exploiting


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-05-07 12:38
the url looks like http://site.com/folder1/file.php?path=


try http://site.com/folder1/file.php?path=abcd

If you get error:

Warning: main() [function.include]: Failed opening 'abcd' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php'Wink in

Then it is vuln. If you don't get the function.include error, then it's not.


Author

RE: Exploiting


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-05-07 01:06
i`m getting only this message

abcd is not a subdirectory of the current directory.


i can send you site address if you want to check!?