Re: PHP Exploitation

From: Robin Wood (dninja@gmail.com)
Date: Tue Nov 27 2007 - 08:07:09 EST

• Next message: SD List: "FireCAT 1.3 Firefox Catalog of Auditing exTensions released"
• Previous message: harshad.mengle@wipro.com: "RE: VOIP Pen TEST"
• In reply to: Danux: "PHP Exploitation"
• Next in thread: Danux: "Re: PHP Exploitation"
• Reply: Danux: "Re: PHP Exploitation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 23/11/2007, Danux <danuxx@gmail.com> wrote:
> Hi experts, i need your ideas,
>
> By now, i am able to upload php files to a Windows 2003 Server, so i
> can execute php code like phpinfo, but i cant execute passthru command
> because of lack of IUSR_MACHINE privileges.
> I have run some local php bof's without success.

Have you tried other ways to execute commands such as system or exec?
If you can get one of those working you can redirect output to a file
in the document root then view it by browsing to it.

Robin

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: SD List: "FireCAT 1.3 Firefox Catalog of Auditing exTensions released"
• Previous message: harshad.mengle@wipro.com: "RE: VOIP Pen TEST"
• In reply to: Danux: "PHP Exploitation"
• Next in thread: Danux: "Re: PHP Exploitation"
• Reply: Danux: "Re: PHP Exploitation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:13 EDT