
website url injection with php


millwalll

Post Wed Aug 24, 2011 4:06 am

website url injection with php

Hi all,

I am messing with a web site on a training rig and noticed I can inject PHP into the URL. I need to get to the root directory in order to access a file to get a flag. I am guessing that I can run Linux commands on the box and do cd .., but I need to run them in PHP. I have looked at PHP functions like exec(), shell_exec() and system(), but all are disabled.

Can anyone maybe throw some light on something I have not tried?


thanks

MaXe


Post Wed Aug 24, 2011 10:57 am

Re: website url injection with php

Jamie.R wrote: Hi all,

I am messing with a web site on a training rig and noticed I can inject PHP into the URL. I need to get to the root directory in order to access a file to get a flag. I am guessing that I can run Linux commands on the box and do cd .., but I need to run them in PHP. I have looked at PHP functions like exec(), shell_exec() and system(), but all are disabled.

Can anyone maybe throw some light on something I have not tried?


thanks


$var = `ls -al`;
echo $var; // Backticks method, I think this probably uses exec() though.


popen(); // Try this too, make sure you get the right args.
proc_open(); // And this as well. That's pretty much all the unusual tricks I can fish up right now.

Use it for educational and ethical purposes only, even though I suspect you're doing an OffSec course perhaps ;)
I'm an InterN0T'er
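
Seen from the defending side, a disable_functions list that names only exec(), shell_exec() and system() does not cover popen() or proc_open(). The PHP script below is an added example, not part of the original thread: it reports which command-execution functions a disable_functions value leaves uncovered. The function list, the helper name uncovered_exec_functions() and the sample value are assumptions of this example.

```php
<?php
// Added example: audit a disable_functions value for command-execution
// functions it does not cover. The list below is this example's own
// selection (an assumption), not an exhaustive or official one.
const COMMAND_EXEC_FUNCTIONS = [
    'exec', 'shell_exec', 'system', 'passthru',
    'popen', 'proc_open', 'pcntl_exec',
];

/**
 * Return the command-execution functions that are NOT named in a
 * disable_functions directive value.
 */
function uncovered_exec_functions(string $directive): array
{
    // Split on commas and whitespace; names are compared exactly as
    // written, so an oddly spelled entry is reported as a gap.
    $disabled = preg_split('/[\s,]+/', $directive, -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_diff(COMMAND_EXEC_FUNCTIONS, $disabled));
}

// Constructed sample: only the three functions the first post names.
$sample = 'exec, shell_exec, system';
echo "Sample config leaves uncovered: ",
    implode(', ', uncovered_exec_functions($sample)), "\n";

// Effective value for the SAPI running this script. CLI and FPM can load
// different settings, so run the check under the SAPI that serves the site.
$live = (string) ini_get('disable_functions');
$gaps = uncovered_exec_functions($live);

// Ignore functions whose extension is not loaded here (e.g. pcntl).
$gaps = array_filter($gaps, 'function_exists');

echo $gaps
    ? "Live config leaves callable: " . implode(', ', $gaps) . "\n"
    : "Live config: none of the listed functions is callable\n";

// Non-zero exit status lets a deployment check fail on any gap.
exit($gaps ? 1 : 0);
```

The backtick operator does not need its own entry: PHP disables it whenever shell_exec() is disabled.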

millwalll

Post Wed Aug 24, 2011 12:19 pm

Re: website url injection with php

Thanks, got it sorted now, and it's always ethical with me :P
