Re: PHP Exploitation

["Robin Wood" <dninja () gmail com>]

On 23/11/2007, Danux <danuxx () gmail com> wrote:
> Hi experts, i need your ideas,
>
> By now, i am able to upload php files to a Windows 2003 Server, so i
> can execute php code like phpinfo, but i cant execute passthru command
> because of lack of IUSR_MACHINE privileges.
> I have run some local php bof's without success.

Have you tried other ways to execute commands such as system or exec?
If you can get one of those working you can redirect output to a file
in the document root then view it by browsing to it.

Robin

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------