Re: PHP Exploitation
- From: Kish Pent <kish_pent@xxxxxxxxx>
- Date: Sat, 24 Nov 2007 23:31:34 -0800 (PST)
Hi Danux,
It's a bit cheeky to know you never tried c99 php
backdoor, c99.php.
If you're not aware of it, look into this paper
http://www.milw0rm.com/papers/111
Cheers :)
Kish
--- Danux <danuxx@xxxxxxxxx> wrote:
Hi experts, i need your ideas,
By now, i am able to upload php files to a Windows
2003 Server, so i
can execute php code like phpinfo, but i cant
execute passthru command
because of lack of IUSR_MACHINE privileges.
I have run some local php bof's without success.
Do you have another idea to break into the server
through php code uploaded?
Cheers!!!!!
--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com
--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar,
Chennai - 600 017
Phone: 91 98841 80767
____________________________________________________________________________________
Get easy, one-click access to your favorites.
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- PHP Exploitation
- From: Danux
- PHP Exploitation
- Prev by Date: Re: PHP Exploitation
- Next by Date: Re: Pen Test Success Factors
- Previous by thread: Re: PHP Exploitation
- Next by thread: Re: PHP Exploitation
- Index(es):
Relevant Pages
|
|
