HellBound Hackers | HellBound Hackers | Lessons

Exploiting eval()


Posted on 15-06-07 21:25
In this video I exploit the eval() function to run commands/PHP on a web hosting company.

I finally got a new video maker, so this file is small!

http://4filehosting.com/file/21117/eval-swf.html




RE: Exploiting eval()

SySTeM
Posted on 15-06-07 21:43
[edit]Never mind, I watched the video. I thought you meant you actually exploited the PHP function eval, now I realize you just exploited it on someone's site, my bad xD[/edit]





Edited by SySTeM on 15-06-07 21:53

RE: Exploiting eval()


Posted on 15-06-07 21:52
nice demo tho :D


RE: Exploiting eval()


Posted on 15-06-07 21:55
As far as I'm concerned, you should never use eval

"If eval() is the answer, then you're asking the wrong question"
- Sara Golemon (afaik)


RE: Exploiting eval()


Posted on 15-06-07 22:15
nice vid :)


RE: Exploiting eval()

SySTeM
Posted on 15-06-07 22:31
mozzer wrote:
As far as I'm concerned, you should never use eval

"If eval() is the answer, then you're asking the wrong question"
- Sara Golemon (afaik)


Agreed, eval ftl



RE: Exploiting eval()


Posted on 15-06-07 22:33
V. True...

Also, use of backticks when not necessary!

eg

`mkdir lal`

rather than

mkdir ('lal');
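
The two points made in the replies above (avoid eval(), and avoid backticks where a native function exists), shown as an added example that is not part of any poster's message. It assumes PHP 7.4 or later; create_dir() and calculate() are hypothetical helpers and every input is constructed.

```php
<?php
// Added example, not code from the thread. create_dir() and calculate()
// are hypothetical helpers; all sample inputs below are constructed.

// The backtick form (`mkdir $name`) hands the whole string to the shell,
// so any shell metacharacters inside $name are interpreted as syntax.
// The native mkdir() never starts a shell; the name is still validated
// so it stays a single path component under $base.
function create_dir(string $base, string $name): bool
{
    // Allowlist: letters, digits, '_' and '-', 1 to 64 characters.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return false;
    }
    $path = $base . DIRECTORY_SEPARATOR . $name;
    return is_dir($path) || mkdir($path, 0750);
}

// Building PHP source from request data and passing it to eval() runs
// whatever arrives in that data. A fixed table of closures offers the
// same feature while only ever executing code written by the developer.
function calculate(string $op, float $a, float $b): ?float
{
    $ops = [
        '+' => fn($x, $y) => $x + $y,
        '-' => fn($x, $y) => $x - $y,
        '*' => fn($x, $y) => $x * $y,
    ];
    // Unknown operators are refused instead of being evaluated.
    return isset($ops[$op]) ? $ops[$op]($a, $b) : null;
}

$base = sys_get_temp_dir();
var_dump(create_dir($base, 'lal'));       // plain name
var_dump(create_dir($base, 'lal; x'));    // contains a space and ';'
var_dump(create_dir($base, '../lal'));    // contains a path separator
var_dump(calculate('+', 2, 3));           // operator from the table
var_dump(calculate('+ 1; echo 1;', 2, 3)); // not an operator in the table
```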


RE: Exploiting eval()


Posted on 15-06-07 23:10
I dig this even more than the CSRF one, excellent work!
Keep 'em coming.

:happy: