In my opinion, the vulnerability we are about to demonstrate is the number one reason websites are hacked and then exploited further, up to the server level. When a hacker performs a SQL injection attack on a website, he needs a way to get shell-level access and install a PHP backdoor so that he can touch other files on the server, or compromise the server itself if it is vulnerable. If we secure our upload area and restrict it so that it does not allow the upload of anything other than images, we can protect it.
However, there is a problem: PHP files can still be uploaded by various methods. The most common method is to rename the PHP backdoor to one of the following names and then upload the shell:
shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
There are ways to block the upload of files named like the ones above. However, there is another way to bypass the check even when uploads with those file names are blocked. We will use Tamper Data for this purpose.
Step 1
Install the Live HTTP Headers Firefox extension, then go to the upload section. Open Live HTTP Headers and upload the shell. If you now try to go to the link where your shell was uploaded, it will give you an error (only on some websites), so we will have to change the hidden .php.jpg extension into .php.
With the shell uploaded and Live HTTP Headers open, find where you uploaded your shell, that is, the line that shows the upload of the shell. Select it and then click the Replay button.
After uploading, find the directory where your file was uploaded. For example, if you uploaded it to images, it will be at http://website/images/shell.php. The rest of the steps are self-explanatory.
That's a separate topic and will be explained in a separate post. For now, however, I would recommend installing a third-party file-upload service, where the file gets uploaded to the service's server, not yours.
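For sites that do handle uploads themselves, both tricks above work by manipulating the file name the client sends, so a server-side check can simply never use that name. The following is an added example, not code from the original post; the helper `stored_name_for`, the form field `image` and the upload directory are assumptions.

```php
<?php
// Added example: the stored name and extension are chosen by the server from
// the file's content. The client-supplied name is never used.
const ALLOWED_IMAGE_TYPES = [   // detected MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Hypothetical helper: returns the name to store under, or null to reject.
function stored_name_for(string $tmpPath): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;                        // content is not an allowed image type
    }
    if (@getimagesize($tmpPath) === false) {
        return null;                        // header matched but the image does not parse
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

if (PHP_SAPI !== 'cli' && isset($_FILES['image'])) {   // 'image' field name is assumed
    $uploadDir = '/var/www/uploads';   // assumed path; serve it with PHP execution disabled
    $file = $_FILES['image'];
    $name = ($file['error'] === UPLOAD_ERR_OK && is_uploaded_file($file['tmp_name']))
        ? stored_name_for($file['tmp_name'])
        : null;
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$uploadDir/$name")) {
        http_response_code(400);
        exit('Upload rejected');
    }
    echo 'Stored as ' . $name;
}

// CLI demo on constructed samples; the client names come from the list in the post.
if (PHP_SAPI === 'cli') {
    $samples = [
        'shell.php.jpg'  => "<?php echo 'constructed sample'; ?>",
        // constructed 1x1 GIF, to show a real image is kept under a server-chosen name
        'shell.php;.jpg' => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
    ];
    foreach ($samples as $clientName => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        printf("%-15s => %s\n", $clientName, stored_name_for($tmp) ?? 'REJECTED');
        unlink($tmp);
    }
}
```

A file that is a valid image and also contains PHP code still passes the content check; what keeps it from running is the server-chosen image extension together with an upload directory in which PHP execution is disabled.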
About the author:
Minhal Mehdi is a tech blogger and ethical hacker. He runs the blog http://www.devilscafe.in, where he writes about exploits and vulnerabilities.
Source: www.rafayhackingarticles.net