Thursday, February 9, 2012

LFI Hacking Ebook



ဒီေန႔ေတာ့ LFI Hacking Ebook လည္းၾကည့္ရေအာင္ဗ် မဆိုးဘူး မိုက္တယ္ ကၽြန္ေတာ္လည္း LFI ကိုအေပၚယံေလာက္သိတာ.ဟက္တတ္လား ဟတ္တတ္တယ္ ဒါပဲ တကယ္ေစ့ေစ့ေပါက္ေပါက္  မသိဘူးဗ် ဒီစာအုပ္ကေတာ့ ေစ့ေစ့ေပါေပါက္ကိုေရးထားတယ္  တစ္ခ်က္ၾကည့္ၾကည့္လုိက္ပါဦး
Introduction
During assessments it is  still common to find LFI vulnerabilities when testing PHP applications. Depending
on the server configuration it is often possible to convert these into code execution primitives through known
techniques such as;
 /proc/self/environ
 /proc/self/fd/…
 /var/log/…
 /var/lib/php/session/ (PHP Sessions)
 /tmp/ (PHP Sessions)
 php://input wrapper
 php://filter wrapper
 data: wrapper
The research in this whitepaper is an extension of the published work by Gynvael Coldwind in the paper
“PHP LFI to arbitratry code execution via rfc1867 file upload temporary files”
http://www.exploit-db.com/download_pdf/17010/
In that paper, the author documents information related to how the PHP file upload feature works. In
particular he notes that if  file_uploads = on is set in the PHP configuration file, then PHP will accept a file
upload post to any PHP file. He also notes that the upload file will be stored in the tmp location, until the
requested PHP page is fully processed.
This is also included in the PHP documentation;
http://www.php.net/manual/en/features.file-upload.post-method.php
The file will be deleted from the temporary directory at the end of the request if it has not been
moved away or renamed.
In the paper, Gynvael Coldwind, includes a method of exploiting this behaviour on Windows systems through
the use of the FindFirstFile quirk. This behaviour is documented in the paper;
Oddities of PHP file access in Windows®. Cheat-sheet, 2011 (Vladimir Vorontsov, Arthur Gerkis)
http://onsec.ru/onsec.whitepaper-02.eng.pdf
Although unrelated to LFI research, the following paper is interesting reading material for PHP web
application security researchers. It documents a behavioural issue with PHP scripts handling when invoked
through the HEAD HTTP verb;
HTTP HEAD method trick in php scripts (Adam Iwaniuk)
https://students.mimuw.edu.pl/~ai292615/php_head_trick.pdf
The  FindFirstFile quirk does not affect the  PHP engine on GNU/Linux; however under certain conditions
exploitation of the PHP file upload feature is still possible. This paper details one of these conditions, which
becomes available when access to a script that outputs the results of a  phpinfo() call, is  available on the
target server.
Download

Post by Ghost Area

ROCK FOREVER (MUSIC)

Pageviewers

CBOX

Manutd-Results

Label

Android (3) autorun (3) Backtrack (8) batch file (19) blogger (10) Botnet (2) browser (5) Brute Force (6) cafezee (2) cmd (5) Cookies (2) crack (12) Cracking (2) crypter (7) DDos (20) deepfreeze (4) defacing (1) defence (16) domain (4) Dos (9) downloader (4) ebomb (2) ebook (48) Exploit (26) firewall (3) game (2) gmail (11) google hack (16) Hacking Show (3) Hash (4) hosting (1) icon changer (1) ip adress (6) Keygen (1) keylogger (8) knowledge (67) locker (1) maintainence (8) network (17) news (31) other (35) passwoard viewer (7) password (12) Philosophy (6) Phishing (8) premium account (2) proxy (7) RAT (10) run commands (4) script (27) Shell code (10) shortcut Key (2) SMTP ports (1) social engineering (7) spammer (1) SQL Injection (30) Stealer.crack (5) tools (125) Tools Pack (4) tutorial (107) USB (3) virus (32) website (84) WiFi (4) word list (2)

Blogger templates

picoodle.com

Blogger news

Print Friendly and PDF

HOW IS MY SITE?

Powered by Blogger.

Blog Archive

Followers

About Me

My Photo
Hacking= intelligent+techonology+psychology