
File Disclosure


ghost's Avatar
0 0

I found a site that has a file disclosure vuln (you know, index.php?f=../../and/so/on/index.php type stuff), but instead of executing the PHP code I injected, it simply displays the file.

Instead of a simple

include($_GET['f']);

this site uses

echo file_get_contents($_GET['f']);

or something.

I won't disclose the site for legal reasons, but is there a way I can inject PHP code onto the server?

BTW they use Smarty.


ghost's Avatar
0 0

Read the articles to see how to check if a site is vulnerable, then try some of the methods listed.

Cheers

Dantronix


ghost's Avatar
0 0

First: It doesn't eval or include the file, just prints it out, so offsite-server file was out of the question.

Second, they fixed it already after I told them, posted on zone-h/digg, etc. It was the EFF if you were wondering :)
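
Added example, not code from the thread or from the site discussed: the read-only disclosure pattern quoted in the first post, shown as a comment, beside a reader that confines the `f` parameter to one directory. `BASE_DIR`, `ALLOWED_EXT` and `resolve_safe_path` are hypothetical names and values chosen for illustration.

```php
<?php
// Pattern from the thread (discloses any file the PHP process can read):
//   echo file_get_contents($_GET['f']);

const BASE_DIR    = '/var/www/app/public_docs'; // assumed directory of servable files
const ALLOWED_EXT = ['txt', 'csv'];             // assumed allowlist; no .php/.tpl source

/**
 * Map a user-supplied name to a canonical path inside $baseDir.
 * Returns null when the name escapes the directory or is not allowed.
 */
function resolve_safe_path(string $requested, string $baseDir): ?string
{
    // Reject empty names, NUL bytes and stream wrappers (php://, http://, ...).
    if ($requested === '' || strpos($requested, "\0") !== false
        || strpos($requested, '://') !== false) {
        return null;
    }

    // realpath() collapses ../ sequences and symlinks; false means "does not exist".
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $real === false) {
        return null;
    }

    // Compare canonical paths, with a trailing separator so that a sibling
    // such as /var/www/app/public_docs_old does not pass as a prefix match.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!is_file($real) || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    return $real;
}

$f    = $_GET['f'] ?? '';
$path = is_string($f) ? resolve_safe_path($f, BASE_DIR) : null; // f[]=x arrives as an array
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: text/plain; charset=utf-8'); // serve as text, never as HTML
header('X-Content-Type-Options: nosniff');
readfile($path);
```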