PHP Exploitation
- From: Danux <danuxx@xxxxxxxxx>
- Date: Thu, 22 Nov 2007 20:29:06 -0600
Hi experts, i need your ideas,
By now, i am able to upload php files to a Windows 2003 Server, so i
can execute php code like phpinfo, but i cant execute passthru command
because of lack of IUSR_MACHINE privileges.
I have run some local php bof's without success.
Do you have another idea to break into the server through php code uploaded?
Cheers!!!!!
--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- Follow-Ups:
- Re: PHP Exploitation
- From: Robin Wood
- Re: PHP Exploitation
- From: Kish Pent
- Re: PHP Exploitation
- From: DokFLeed
- Re: PHP Exploitation
- Prev by Date: Re: Oracle SQL Injection vulnerability
- Next by Date: Pen Test Success Factors
- Previous by thread: Faxing and PCI DSS compliance
- Next by thread: Re: PHP Exploitation
- Index(es):
Relevant Pages
|
|
