Web Application Security
So, I have scanned a site and found some vulns (XSS etc.), but I have found an interesting vuln too. The vuln is code execution,
but I have a problem with this vuln: I cannot recognize what encoding type Acunetix is using when it encodes this command.
&cat /etc/passwd& is the command when it is not encoded, and when it is encoded it is %26cat%20%2fetc%2fpasswd%26
Please can you tell me what encoding type this is, and also how I could upload a shell with this vuln?
Also, I have made some screens of this vuln ...
And then what? What would you do with the shell? ... Plz, if you don't know what type of encoding that is, then you shouldn't be talking about uploading shells through code execution. Don't run if you can't walk yet :)
To you, my friend: that is simple URL encoding. And I'm highly surprised that you didn't know about that, since you have found an XSS vuln. As x3n0n said, if you do not know the basics of website hacking, you shouldn't try to upload a shell through code execution.
1. This is URL encoding;
2. How to get a shell
1) you need to know the site's path (like /var/site/);
2) echo (shell's code) > /var/site/shell.php
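
A defender's view of the URL encoding identified in the replies, as an added example that is not part of the original thread: it percent-decodes query values from request URLs and flags shell metacharacters, and it goes beyond the single-encoded string in the question by also normalising double-encoded input. The parameter name `host`, the script paths and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Characters that let a parameter value start a second shell command.
SHELL_META = re.compile(r"[&|;`\n]|\$\(")
# Files commonly read to confirm execution; /etc/passwd is the one in the thread.
SENSITIVE = re.compile(r"/etc/(passwd|shadow)\b")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2526) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_url(url):
    """Return (param, decoded_value, reasons) for each suspicious query parameter."""
    findings = []
    # Split on the raw '&' first: an encoded %26 stays inside its value, which
    # is why the scanner had to encode the '&' in its test string.
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        reasons = []
        if SHELL_META.search(value):
            reasons.append("shell-metachar")
        if SENSITIVE.search(value):
            reasons.append("sensitive-path")
        if reasons:
            findings.append((unquote_plus(name), value, reasons))
    return findings

# Constructed sample request lines (hypothetical endpoint and parameter names).
SAMPLES = [
    "/ping.php?host=%26cat%20%2fetc%2fpasswd%26",             # string from the thread
    "/ping.php?host=%2526cat%2520%252fetc%252fpasswd%2526",   # same, double-encoded
    "/search.php?q=red%20shoes&page=2",                       # benign
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_url(url) or "clean")
```

A metacharacter on its own is a low-confidence signal (an encoded `&` also appears in ordinary search terms), so the reasons are reported separately for the alerting rule to weigh.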