Penetration Testing mailing list archives
Re: PHP Exploitation
From: "Robin Wood" <dninja () gmail com>
Date: Tue, 27 Nov 2007 13:07:09 +0000
On 23/11/2007, Danux <danuxx () gmail com> wrote:
Hi experts, i need your ideas, By now, i am able to upload php files to a Windows 2003 Server, so i can execute php code like phpinfo, but i cant execute passthru command because of lack of IUSR_MACHINE privileges. I have run some local php bof's without success.
Have you tried other ways to execute commands such as system or exec? If you can get one of those working you can redirect output to a file in the document root then view it by browsing to it. Robin ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- PHP Exploitation Danux (Nov 24)
- Re: PHP Exploitation DokFLeed (Nov 25)
- Re: PHP Exploitation Danux (Nov 27)
- Re: PHP Exploitation Kish Pent (Nov 25)
- Re: PHP Exploitation Robin Wood (Nov 27)
- Re: PHP Exploitation Danux (Nov 27)
- Message not available
- Re: PHP Exploitation Danux (Nov 29)
- Re: PHP Exploitation Danux (Nov 27)
- Re: PHP Exploitation DokFLeed (Nov 25)