iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (3)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
php configurations leaks,how dangerous it could be?
  • mandi
    Posts: 207
    I have been searching for vulnerable sites with dorks and i found out this site

    http://www.magpienet.biz/phpinfo.php
    http://www.magpienet.biz/php.ini


    It seems to be a shared linux server,
    and as the server leaks its configuration and all,

    is there any possiblity of getting a shell on this server with these informations?

    also the kernel

    2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64


    seems to be rootable,

    so i think if we can get the shell we can root the server,

    many of the basic security functions is turned off
    like the safe mode,magic quotes .

    so can any body give me some ideas to get a shell on this server?

    or Atleast tell me by knowing the php configurations of a server,what we can do to get a shell ?


    any ideas please?
  • Hex00010
    Posts: 5
    Well that site is fucked up Anways So u wont be able to get a shell on there now unless there are other sites on the sever that you can exploit and upload a shell on or just be so fucking awsome to have a Remote exploit for that kernel/services running

    One thing i noticed is that the php.ini is within the users group

    aka


    home/magpi2/public_html/php.ini



    What does this mean?

    If you upload a shell and lets say for example Openbase_dir is on

    Now if we tried to lets say view a file out of the current folder of another users files like


    cat /home/rawr/public_html/config.php


    It wont work Why? Because OpenBase_Dir is enabled ( unless u have a way to bypass that symlinking,etc,etc,etc )

    Now

    A lot of hackers think uploading a custom modified php.ini with only

    disable_functions =
    Safe_Mode= off
    OpenBase_Dir = ""

    Will help them be able to view other users files

    BUT GUESS WHAT


    IT WONT


    So the whole php.ini is pretty much a waste of time and it is only there for the users site

    his php.ini does not have the same settings as the offical php.ini Does



    Hope this helps :)
  • Sh3llc0d3
    Posts: 1,910
    Can I point out that the home/ issue may also be down to the admin setting up jails for user.
Add a Comment