Code execution
  • So, I have scanned a site and found some vulns, XSS etc ... but I have found an interesting vuln too. The vuln is code execution,
    but I have a problem with this vuln. The problem is that I cannot recognize what encoding type Acunetix is using when it encodes this command ...

    &cat /etc/passwd& is the command when it is not encoded, and this is it when it is encoded: %26cat%20%2fetc%2fpasswd%26

    Please can you tell me what encoding type this is, and also how I could upload a shell with this vuln ...

    Also, I have made some screens of this vuln ...

    http://imageshack.us/g/190/82307930x.png/
  • x3n0n
    Posts: 110
    And then what? What would you do with the shell? ... Plz, if you don't know what type of encoding that is, then you shouldn't be talking about uploading shells through code execution. Don't run if you can't walk yet :)
  • Phage
    Posts: 78
    To you, my friend, that is simple URL encoding. And I'm highly surprised that you didn't know about that, since you have found an XSS vuln. As x3n0n said, if you do not know the basics of website hacking you shouldn't try to upload a shell through code execution.
  • 1. This is URL encoding;
    2. How to get a shell
    1) you need to know the site's path (like /var/site/);
    2) echo (shell's code) > /var/site/shell.php
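
Seen from the server side, the URL-encoded string quoted in the first post is what ends up in the web server's access log. The sketch below is an added example, not code from any poster or from Acunetix: it percent-decodes query values (including double encoding) and flags those that decode to a shell metacharacter followed by a command word, or to /etc/passwd. The log lines, the /ping.php and /search.php paths, the parameter names and the pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /ping.php?host=%26cat%20%2fetc%2fpasswd%26 HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2012:13:56:01 +0000] "GET /ping.php?host=192.0.2.10 HTTP/1.1" 200 230
203.0.113.5 - - [10/Oct/2012:13:57:12 +0000] "GET /ping.php?host=%2526id%2526 HTTP/1.1" 200 230
203.0.113.7 - - [10/Oct/2012:13:58:40 +0000] "GET /search.php?q=fish%20%26%20chips HTTP/1.1" 200 901
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumed heuristic: a shell separator directly followed by a common command
# word, or a reference to /etc/passwd. A bare "&" in text is not enough.
SUSPICIOUS = re.compile(
    r"(?:[;&|`]|\$\()\s*(?:cat|id|ls|uname|whoami|wget|curl|echo|sh|bash)\b"
    r"|/etc/passwd",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2526) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return (client, parameter, decoded value) for each suspicious query value."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl splits on the raw "&" separators first, then decodes once.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                findings.append((client, name, decoded))
    return findings

if __name__ == "__main__":
    for client, name, decoded in scan(SAMPLE_LOG):
        print(f"{client} parameter={name!r} decoded={decoded!r}")
```

The "fish & chips" search is deliberately left unflagged: matching on the decoded value rather than on the raw %26 keeps ordinary ampersands from generating alerts.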