Comments on "the world. according to koto": File path injection in PHP ≤ 5.3.6 file upload (CVE 2011-2202)
Feed last updated: 2023-10-20T18:17:56.706+02:00

Meester Seven Up (2015-06-09T03:12:20.561+02:00):
Hi all of you, can I find someone to teach me SQL and all about injection, please? If anyone wants to, send it to me!

Dana Lapid (2012-05-30T15:42:23.664+02:00):
I'm using a php code generator (http://xlinesoft.com/phprunner) right now in order to finish a website I promised to build for a customer; what did the bug affect exactly?!

kkotowicz (http://blog.kotowicz.net, 2011-06-26T21:07:04.280+02:00):
Considering the 'hosting with chroot' situation - it would be very convenient to be able to upload /crossdomain.xml, wouldn't it? ;) That is universal (i.e. works for all sites), it's less invasive than defacement, so it might not be spotted right away.

kkotowicz (http://blog.kotowicz.net, 2011-06-21T23:58:04.794+02:00):
Thanks,

Apart from the scenarios mentioned by you and Paweł, we thought of putting autorun.inf or a malicious .inf file ( http://j00ru.vexillium.org/?p=781 ) on a root drive. But Windows exploitation is not my pair of shoes, so I'll just leave it at this simple boot DoS.

Pawel Golen (2011-06-19T19:18:05.036+02:00):
Binary planting was considered during our brainstorming on the subject "how to show that this vulnerability may be really dangerous". Overwriting ntldr or ntdetect.com was also considered, but it should be overwritten with something useful to gain something more than DoS. I've just realized that for this PoC it might be useful to use sources from the ReactOS project, although I don't know if ReactOS also uses ntdetect and ntldr.

On the other hand, this vulnerability may be useful in real world scenarios. On some hosting platforms the root directory is set to the root directory of the website. In some cases bad programming practices, lack of documentation on the subject of what $_FILE[]['name'] really is (or might be) and this bug found by Krzysztof may result in website defacement.

Gynvael Coldwind (http://profiles.google.com/gynvael, 2011-06-18T23:23:31.461+02:00):
kkotowicz

Lava (2011-06-18T18:02:01.873+02:00):
No doubt this is a rare scenario, but as any pentester would know, such quirks can come in handy when you don't have a direct point of entry and have to resort to exploit-chaining.
Eg: http://ha.ckers.org/deathby1000cuts/

kkotowicz (http://blog.kotowicz.net, 2011-06-18T13:31:13.289+02:00):
Nowhere did I claim this has any real-world value, which I also mention in the post. It's rather a funny example for me of what could be done with just an off-by-one.

justin perras (http://twitter.com/justinperras, 2011-06-18T13:13:35.971+02:00):
Cool story bro. I'm glad you created a perfect environment in which to execute this seemingly irrelevant and impractical exploit. If you need attention this badly, maybe you should do more things naked. ;]