Help Folks 2

Discuss the many weaknesses of browser security and ways to mitigate the threat

Help Folks 2

Post by VeseliTigar on Fri Jul 23, 2010 11:56 am
([msg=42563]see Help Folks 2[/msg])

Ok. I realy break the rules, my apologies for that. So I realy need to get any tutorial or something
for breaking include function. Any links, advices or something like that. I am familiar with php
so i would appreciate any tutorial. Thanx :D

My problem is this:

I have script that open other files when you type in name of script. example. www.site.com/index?open=filename here.
I think it's using addslash() function to disable invalid inputs like ' / ", and at end every input it add .php extension.
Links, advices or anything. Would be appreciate. :) Thanx again, a lot, for every post. :D :D :D
VeseliTigar
New User
New User
 
Posts: 8
Joined: Thu Jul 22, 2010 3:53 pm
Blog: View Blog (0)


Re: Help Folks 2

Post by msbachman on Fri Jul 23, 2010 9:22 pm
([msg=42577]see Re: Help Folks 2[/msg])

What you're talking about is a simple Remote-File Include (RFI).

Here is a simple tutorial that's decent but probably not the best.

Are you sure the slashes are being escaped? It seems if you got that far to include a remote file nothing of what I said is new to you, so sorry if this didn't help much.

There are some other ways that it could be done, for instance they could have coded the page with a switch table so that if you don't include a set of explicitly defined files it defaults to something.

Also, they could have turned off allow_url_include.
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito
User avatar
msbachman
Contributor
Contributor
 
Posts: 681
Joined: Mon Jan 12, 2009 10:22 pm
Location: In the sky lol
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests