Re: PHP Exploitation

From: "Robin Wood" <dninja@xxxxxxxxx>
Date: Tue, 27 Nov 2007 13:07:09 +0000

On 23/11/2007, Danux <danuxx@xxxxxxxxx> wrote:

Hi experts, i need your ideas,

By now, i am able to upload php files to a Windows 2003 Server, so i
can execute php code like phpinfo, but i cant execute passthru command
because of lack of IUSR_MACHINE privileges.
I have run some local php bof's without success.

Have you tried other ways to execute commands such as system or exec?
If you can get one of those working you can redirect output to a file
in the document root then view it by browsing to it.

Robin

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Follow-Ups:
- Re: PHP Exploitation
  - From: Danux

References:
- PHP Exploitation
  - From: Danux

Prev by Date: RE: VOIP Pen TEST
Next by Date: FireCAT 1.3 Firefox Catalog of Auditing exTensions released
Previous by thread: Re: PHP Exploitation
Next by thread: Re: PHP Exploitation
Index(es):
- Date
- Thread

Relevant Pages

Re: IIS 6.0 on Windows Server 2003
... If PHP insists on using CMD.EXE to execute the shellcommand on the ... server, then no, you have no choice -- you must give read permissions to the ... this would be a security vulnerability caused by PHP. ...
(microsoft.public.inetserver.misc)
Re: Function execution before page reload
... browser. ... Interaction between PHP and the browser is one-way - the PHP ... > In the short example above does the script execute the function BEFORE ... The server receives information from the browser and sends html back to the ...
(comp.lang.php)
Re: Function execution before page reload
... if ){printf("Can't connect to MySQL Server. ... browser. ... Interaction between PHP and the browser is one-way - the PHP ... > In the short example above does the script execute the function BEFORE ...
(comp.lang.php)
Re: [PHP] Safe includes?
... Using include for this is potentially dangerous since it will execute any PHP code contained within the file. ... I had a similar problem with a shareware Macintosh application I wrote where I wanted the resources to remain "intact" -- I didn't want someone changing the resource so that information about payments would be sent to them instead of me. ... the script is running as has write permission to the directory then it's going to be able to write whatever it wants. ...
(php.general)
Re: refresh problem
... Erwin Moller wrote: ... It loos like you are mixing PHP and JS in a bad way. ... PHP delivers HTML to an internetbrowser. ... This will execute your drawNode function, every time the script is executed. ...
(comp.lang.php)