Re: PHP Exploitation

From: Siim Põder (siim@p6drad-teel.net)
Date: Fri Nov 30 2007 - 04:29:34 EST


Hey!

Danux wrote:
> Do you know, how to execute my uploaded cmd.exe without using a system
> or exec, passthru command?

you could check the php version against php vulnerabilities, there were
some a while back. i'm not sure how the windows permissions work, but
you could possibly at least put some code on stack and call it.

yet another idea would be to run some sort of scanning proxy from inside
php to see what other machines are present on the local network and what
services they run.

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT