file upload?

Is there a why to manually upload a file if you don't have admin rights or database access like a url injection?

Well i'm not good at rooting, but i have some little knowledge about it. A solution for you can be the FTP Server, i men hack/root it

Often things like Image Upload, or a game/video upload feature are vulnerable when they don't restrict the filetypes allowed. This allows you to upload anything.

Make it RFI a shell/php script. You can try to upload shells via images too (or other upload services).

Okay, could someone help explain to me how rooting/hacking (not sure what term it would be) an FTP site works?

fucking google.

I am tired of flaming you.

Agreed. Anyways, isn't there at least one challenge that deals with RFI? Do the fucking challenges, then ask questions.

masta_hacks wrote: Is there a why to manually upload a file if you don't have admin rights or database access like a url injection?

No there isn't. If the administrator hasn't given you his plaintext password you can't exploit anything or get the privilegies by hacking, no matter what you're trying to do.

Seriously, of course there is… :angry:

masta_hacks wrote: Is there a why to manually upload a file if you don't have admin rights or database access like a url injection?

Uber0n wrote: If the administrator hasn't given you his plaintext password you can't exploit anything or get the privilegies by hacking, no matter what you're trying to do.

That is quote-worthy. Just absolutely hilarious. The next S.E. article should start out like that. :happy:

i would tell u all i know, if i knew.. Hacking is for people who like to learn.(i made this up =) ):p