However there is a problem, The PHP files can still be uploaded by various methods. The most common method is by renaming the PHP backdoor to the following and then uploading the shell.
shell.php;.jpgHowever there is also a method to block the upload of the above files. But there is also another way to bypass it even if the uploading of the files name with the above extension is blocked. We will use tamper data for this purpose.
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;
Step 1:
Install http live headers firefox extention, then go to the upload section. Open Live HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hidden .php.jpg extension into the .php.
So as we uploaded the shell and opened the Live HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.
Step 2:
After uploading, find the directory where your fle uploaded, example if you uploaded it in images then it will be in http://website/images/shell.php. The rest of the steps are self explanatory.
Precautions To Protect Your Website from the FileUpload Vulnerability?
That's
a separate topic and will be explained in a separate post. However for
now I would recommend you to install a third party fileuploading
service, Where the file get's uploaded the fileuploading service's
server not yours.
The
vulnerability which we are about to demonstrate in my opinion is the
number 1 reason why websites hacked and are exploited further to the
server level. When a hacker performs a SQL Injection attack on a website
he needs a way to get shell level access and install the PHP backdoor
so he can touch other files on server or compromise the server itself if
it's vulnerable. If we could secure our uploads and restrict our upload
area so that they don't allow it does not allow the upload of other
files instead of images we can protect our upload area.
However there is a problem, The PHP files can still be uploaded by various methods. The most common method is by renaming the PHP backdoor to the following and then uploading the shell.
Step 1:
Install http live headers firefox extention, then go to the upload section. Open Live HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hidden .php.jpg extension into the .php.
So as we uploaded the shell and opened the Live HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.
After uploading, find the directory where your fle uploaded, example if you uploaded it in images then it will be in http://website/images/shell.php. The rest of the steps are self explanatory.
However there is a problem, The PHP files can still be uploaded by various methods. The most common method is by renaming the PHP backdoor to the following and then uploading the shell.
shell.php;.jpgHowever there is also a method to block the upload of the above files. But there is also another way to bypass it even if the uploading of the files name with the above extension is blocked. We will use tamper data for this purpose.
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;
Step 1:
Install http live headers firefox extention, then go to the upload section. Open Live HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hidden .php.jpg extension into the .php.
So as we uploaded the shell and opened the Live HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.
Step 2:
After uploading, find the directory where your fle uploaded, example if you uploaded it in images then it will be in http://website/images/shell.php. The rest of the steps are self explanatory.
Precautions To Protect Your Website from the FileUpload Vulnerability?
That's
a separate topic and will be explained in a separate post. However for
now I would recommend you to install a third party fileuploading
service, Where the file get's uploaded the fileuploading service's
server not yours.
0 komentar:
Posting Komentar