Author

Injection through PHP


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-11-09 03:28
So there's this site that will turn an image url into an image
when you send it in a message.
For example, if I sent a message that said
"http://www.hellboundhackers.org/fusion_images/hbhbanner.png"
It would show the HBH banner.

But it's got a problem in that if you put a PHP page with an image
extension at the end, it will try to display it.
Ex. http://site.com/script.php?jpg

I don't have malicious intentions, but is there any way to use that
to exploit the site?


Author

RE: Injection through PHP

dnatrixene135
Member



Posts: 7
Location: United States
Joined: 24.10.09
Rank:
Moderate
Posted on 03-11-09 06:13
Find other files such as .txt or .html files and put that after the php question mark.

http://site.com/script.php?showpage=password.txt
Author

RE: Injection through PHP


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-11-09 06:27
That won't work though, unless I make my script accept
certain variables.
The site.com would be my site, and script.php would be my script.
So for example, what I thought might work was this:
In script.php, put
<?php
echo "Test";
?>

and then, in a message, put this:
http://site.com/script.php?jpg

And I was hoping that it would say "Test" in the message.



Author

RE: Injection through PHP

reaper4334
Member



Posts: 315
Location: Uk
Joined: 24.11.06
Rank:
Moderate
Posted on 03-11-09 09:42
So try it?

Try doing that and if it works you probably have yourself an exploitable hole.
Whether or not it will work really depends on the script that displays the image, whether it checks the filetype etc.
Chances are though, it just gets the URL and shoves it between <img src=" and ">
In which case, you might have an XSS hole.



reaper4334@hotmail.co.uk http://reaper4334.freehostia.com
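
The last reply notes that the outcome depends on whether the rendering script checks the file type or just places the URL between <img src=" and ">. The PHP below is an added example of that difference, not code from the thread or from the site being discussed; the function names and the extension allow-list are assumptions. It compares a check on the end of the string with one that parses the URL and escapes the attribute value.

```php
<?php
// Added example, not code from the thread or the site discussed in it.
// Function names and the extension allow-list are assumptions.
const IMAGE_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif'];

// Naive check: looks only at how the whole string ends, so the query
// string in "script.php?jpg" is mistaken for a file extension.
function naive_is_image_url(string $url): bool
{
    return (bool) preg_match('/(png|jpe?g|gif)$/i', $url);
}

// Stricter check: parse the URL, allow only http/https, and test the
// extension of the path component, ignoring query string and fragment.
function is_image_url(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $ext = strtolower(pathinfo($parts['path'], PATHINFO_EXTENSION));
    return in_array($ext, IMAGE_EXTENSIONS, true);
}

// Render the tag with the URL escaped for a double-quoted attribute, so a
// quote character inside the URL cannot close src="..." early.
function render_image(string $url): ?string
{
    if (!is_image_url($url)) {
        return null;
    }
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
}

// Constructed sample messages; the first two URLs are the ones quoted in the thread.
$samples = [
    'http://www.hellboundhackers.org/fusion_images/hbhbanner.png',
    'http://site.com/script.php?jpg',
    'http://site.com/pic.png?a="b',
];
foreach ($samples as $url) {
    printf("%-62s naive=%s strict=%s\n  %s\n", $url,
        var_export(naive_is_image_url($url), true),
        var_export(is_image_url($url), true),
        render_image($url) ?? '(left as plain text)');
}
```

The path extension only describes the URL, not the bytes the remote server returns, so this check narrows what gets embedded but does not prove the target is an image.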