[video] LFI Local Upload Form

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
User avatar
3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~
Contact:

Re: [video] LFI Local Upload Form

Post by 3xtr3m3b0y » Thu Apr 29, 2010 8:17 am

Wew, makin mantep aja neh Paman :kaca:
But paman, I wanna ask U something, jika kt menemukan kondisi sprt ini pada LFI :

1. Gak ada izin utk mengakses /proc/self/environ
2. Gak ada izin utk mengakses semua Log Apache
3. Gak ada fasilitas Upload pada website utk pengguna umum yg bisa digunakan utk ngupload text or image yg bisa ditumpangi dgn PHP Code.

So, what should I do next Paman...??? Apa RCE gak bisa dilakukan kemudian...???
Sayangnya pada LFI file PHP langsung dijalankan, tdk sprt pada Load_File SQLi dimana file PHP tdk di interpretasikan sehingga kode-kode PHP dari file tsb akan diperlihatkan...

Mohon pencerahannya Paman...!!! :putusasa:
...n0 l1m17...

User avatar
the_pheng
Posts: 6
Joined: Mon Mar 12, 2007 11:43 pm
Contact:

Re: [video] LFI Local Upload Form

Post by the_pheng » Fri Apr 30, 2010 4:33 pm

apik euy... scannernya. thank's for share..

Paman
Posts: 51
Joined: Tue Oct 31, 2006 12:54 am
Location: LONDON
Contact:

Re: [video] LFI Local Upload Form

Post by Paman » Sat May 01, 2010 2:36 am

Forum rules
Sertakan POC disini agar member dapat mempelajarinya


^^v
ImageImageImage
http://www.google.org/
TRUST ME, I DONT TRUST YOU!!!

User avatar
.::Z10R::.
Posts: 34
Joined: Wed Jul 16, 2008 3:23 pm

Re: [video] LFI Local Upload Form

Post by .::Z10R::. » Sat May 01, 2010 7:16 pm

jack emang ngak ada matinya

kayaknya harus di rudal nih :kaca: :kaca:
Mencoba Pensiun dari game Online

User avatar
Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com
Contact:

Re: [video] LFI Local Upload Form

Post by Xshadow » Sat May 01, 2010 8:48 pm

sehingga kode-kode PHP dari file tsb akan diperlihatkan...
kalo diperlihatkan load aja confignya :D
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare

User avatar
Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com
Contact:

Re: [video] LFI Local Upload Form

Post by Xshadow » Sun May 02, 2010 9:16 am

Paman wrote: PS : dicomot abis dari evilc0.de
ketemu site .id PATCH!!!
ketemu site .my SIKAT!!!
ini yang gua seneng... :ngakak: :ngakak: :ngakak:
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare

cyber_terror1st
Posts: 144
Joined: Fri Apr 30, 2010 8:35 pm

Re: [video] LFI Local Upload Form

Post by cyber_terror1st » Sun May 02, 2010 11:42 pm

kk gmana cara download tu filem?? :maaf:
i'm cyber_terror1st and i proud what i suppoust to be

User avatar
Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com
Contact:

Re: [video] LFI Local Upload Form

Post by Xshadow » Sun May 02, 2010 11:58 pm

cyber_terror1st wrote:kk gmana cara download tu filem?? :maaf:
pakai idm atau software download lain... trus masukkan link-nya :)
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare

User avatar
3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~
Contact:

Re: [video] LFI Local Upload Form

Post by 3xtr3m3b0y » Mon May 03, 2010 7:17 am

Xshadow wrote:
cyber_terror1st wrote:kk gmana cara download tu filem?? :maaf:
pakai idm atau software download lain... trus masukkan link-nya :)
cyber_terror1st << Waspada jgn2 anggotax NURDIN MANG TOP...!!! :marah2:

Skalian Nyong tambahin, sebelum beliau nanya gmn cara muterx tuh pilem.
Klo pengen muter pilemx pke BROWSER aja, caranya :
1. Klik kanan File pilemx
2. Pilih menu Open With
3. Pilih Mozilla Firefox or Internet Explorer
***************************************************

Btw ini video PoC LFI to RCE menggunakan File Gambar yg telah diinject dgn Kode PHP...

Code: Select all

http://milw0rm.com/video/store/57.swf
...n0 l1m17...

Paman
Posts: 51
Joined: Tue Oct 31, 2006 12:54 am
Location: LONDON
Contact:

Re: [video] LFI Local Upload Form

Post by Paman » Wed May 05, 2010 12:27 am

3xtr3m3b0y wrote:Wew, makin mantep aja neh Paman :kaca:
But paman, I wanna ask U something, jika kt menemukan kondisi sprt ini pada LFI :

1. Gak ada izin utk mengakses /proc/self/environ
2. Gak ada izin utk mengakses semua Log Apache
3. Gak ada fasilitas Upload pada website utk pengguna umum yg bisa digunakan utk ngupload text or image yg bisa ditumpangi dgn PHP Code.

So, what should I do next Paman...??? Apa RCE gak bisa dilakukan kemudian...???
Sayangnya pada LFI file PHP langsung dijalankan, tdk sprt pada Load_File SQLi dimana file PHP tdk di interpretasikan sehingga kode-kode PHP dari file tsb akan diperlihatkan...

Mohon pencerahannya Paman...!!! :putusasa:
ini jawaban na....




[/quote]Btw ini video PoC LFI to RCE menggunakan File Gambar yg telah diinject dgn Kode PHP...

Code: Select all

http://milw0rm.com/video/store/57.swf
[/quote]

ha ha ha,,
kaboor~
ImageImageImage
http://www.google.org/
TRUST ME, I DONT TRUST YOU!!!

Post Reply

Return to “Web Hacking”