![]() ![]() This entry was posted in Exploit, Information Security, Penetration Test, PHP, Shell, Web Server, WebApp by Graeme Robinson. The last command even showed me some files and their owners which in turn (because I am using a shared host) told me the names of some of the other sites are that are running on the same server as mine, which was an unexpected “bonus” find. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). shell.php?e=uname%20-a (I had to URL encode the spaces otherwise my browser thought it should search using google) Install ExifTool NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks.I was able to run unix commands (windows commands should also work if the host is running windows) such as: An alternative is to use passthru() which will also send binary data, but to get that to work properly with binary data, you’d probably have to also set the headers which makes it more than one line. I used shell_exec() instead of just exec() because it returns every line instead of just the last one. The output is just text, not an HTML document so if using a web browser, you will want to view the source in order to see the proper result. ![]() Obviously the WebApp would have to be vulnerable in some way in order to be able to put this script on the server, but once it was, it could potentially be used to do things like dump files and deface the site.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |