Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
upload web shell
Posted by: the_master
Date: July 05, 2013 10:51AM

Hi there,
While I'm doing penetration testing for a client, I'm dealing with the following problem:
I have the possibility of uploading a file, but I was not able to bypass the protections.

The website uses FCKeditor. I have tried everything, but the file upload feature is blocked (Config['Enabled'] = false in all of the languages (python, perl, etc.)).

The website uses an unknown CMS.
I have searched for vulnerabilities which could lead to remote command execution (SQL injection, RFI/LFI, etc.),

but I found a file upload system which can potentially upload a web shell.
I've tried everything, such as: injecting PHP code into the image's EXIF, null byte injection, all the combinations on the file's name (it uploads the file, but with the %00.jpg or with the ;.jpg), changing the content-type...

There's a function which paints the wanted image and returns an error in case the image couldn't be painted.
Some help would be great.
Thank you!

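From the defending side, the filename and Content-Type attempts listed in the post stop mattering once the server ignores both client-supplied values. A sketch of that in Python, added here as an example and not part of the original thread or of the site being tested; `storage_name`, `UploadRejected`, the size limit and the sample uploads are constructed for illustration, and it assumes the upload directory is served without script execution.

```python
import secrets

# Allowlisted image types: leading magic bytes -> extension the server assigns.
MAGIC_TO_EXT = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit for this sketch


class UploadRejected(Exception):
    pass


def storage_name(client_name: str, client_type: str, data: bytes) -> str:
    """Return the name to store an upload under, or raise UploadRejected.

    client_name and client_type are attacker-controlled, so neither one
    influences the result: the extension comes from the file's own bytes
    and the stem is random.
    """
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    for magic, ext in MAGIC_TO_EXT.items():
        if data.startswith(magic):
            return secrets.token_hex(16) + ext
    raise UploadRejected("content is not an allowlisted image type")


# Constructed sample uploads mirroring the kinds of attempts in the post.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
JPEG_WITH_SCRIPT = b"\xff\xd8\xff\xe1" + b"<?php /* constructed */ ?>" + b"\xff\xd9"
SAMPLES = [
    ("test.php\x00.jpg", "image/jpeg", PNG),                     # null byte in name
    ("test.php;.jpg", "image/jpeg", PNG),                        # ';' in name
    ("photo.jpg", "image/jpeg", b"<?php /* constructed */ ?>"),  # forged type
    ("photo.jpg", "image/jpeg", JPEG_WITH_SCRIPT),               # script in image
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        try:
            print(repr(name), "->", storage_name(name, ctype, body))
        except UploadRejected as exc:
            print(repr(name), "-> rejected:", exc)
```

The fourth sample is accepted: a magic-byte check does not remove script text inside an otherwise valid image, so what keeps it inert is the server-chosen `.jpg` name and a storage location that never executes files.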