| PHP Developers Network http://forums.devnetwork.net/ |
|
| is it impossible??? http://forums.devnetwork.net/viewtopic.php?f=39&t=139794 |
Page 1 of 1 |
| Author: | M0TRIX [ Thu Jun 19, 2014 7:49 am ] |
| Post subject: | is it impossible??? |
hello follow the steps: 1_download edjpgcom.exe program. 2_drag the jpg file in the edjpgcom program the u can put your cods into the jpg file 3_put these codes into it : > 4_upload the jpg file. 5_run it like this image.jpg?cmd=ls do u think is it possible to run command with this method??? or other extense of image files like png gif etc.. |
|
| Author: | Weirdan [ Thu Jun 19, 2014 12:19 pm ] |
| Post subject: | Re: is it impossible??? |
That's possible, however only if the webserver is misconfigured to process image files through php. Another exploit vector would exploiting attacker-controlled includes, but if that's possible it would itself be a security issue. |
|
| Author: | M0TRIX [ Thu Jun 19, 2014 5:00 pm ] |
| Post subject: | Re: is it impossible??? |
i've test it on a website.i just see the picture !!!but no command works!! why????there is php cod in it. it should work i put <php and ?> characters in it.the webserver should recgnize it as a php file.huu?? is there any way to run our command with the picture?? so what is "edjpgcom.exe"(first post) program for? |
|
| Author: | Celauran [ Thu Jun 19, 2014 6:47 pm ] |
| Post subject: | Re: is it impossible??? |
What are you trying to do here? Having shell_exec and/or exec enabled on a server is a pretty terrible idea. |
|
| Page 1 of 1 | All times are UTC - 5 hours |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|