Snort mailing list archives
Re: PHP Remote File Include via data: URI
From: Jamie Riden <jamie.riden () gmail com>
Date: Mon, 29 Oct 2012 16:05:38 +0000
Sorry to be a PITA; anyone got this? It'll fall off my mental "todo" list in a day or so, and that'll be it :) On 26 October 2012 07:59, Jamie Riden <jamie.riden () gmail com> wrote:
Hi all, Just to be a royal pain, PHP Remote File Include is perfectly viable using base64 encoded data: URIs. PoC below: # curl "http://127.0.0.1/vulnrfi.php?phone=data:text/plain;base64,PD9waHAgZWNobyAiV09PSE9PISIgPz4="
.. -- Jamie Riden / jamie () honeynet org / jamie.riden () gmail com http://uk.linkedin.com/in/jamieriden ------------------------------------------------------------------------------ The Windows 8 Center - In partnership with Sourceforge Your idea - your app - 30 days. Get started! http://windows8center.sourceforge.net/ what-html-developers-need-to-know-about-coding-windows-8-metro-style-apps/ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- PHP Remote File Include via data: URI Jamie Riden (Oct 26)
- Re: PHP Remote File Include via data: URI Jamie Riden (Oct 29)