Null byte injection not working
Posted by: asdfgh (159.50.249.---)
Date: June 07, 2011 11:41AM

Hello everyone,

I'm actually working on an IT security awareness course by creating a little website with a lot of security holes (SQL injection / XSS / session handling / information leakage / local file inclusion / path traversal...).

I also wanted to add an inclusion vulnerability by using the null byte (%00). Here is an example of what I want to be done:

test.php
<?php

include '/'.$_GET['page'].'.php';

?>

So I send the following data through GET : [localhost]

Normally, this should dump the content of the pass file, but I get the following error: Warning: include() [function.include]: Failed opening '/admin/pass'

The path is right, the file exists and there is no problem on this side, as this code is working:

<?php

include '/admin/pass';

?>

Which dumps me the content of the pass file.

Are there any PHP or Apache options on WAMP I should remove to make this vulnerability work?

Thanks for your help.

Regards,

asdfgh

Re: Null byte injection not working
Posted by: stevenmartin99 (---.251.255.11.threembb.ie)
Date: June 07, 2011 11:55AM

No one is going to help you with this on this forum

We can't help people create vulnerabilities
Sorry

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

Re: Null byte injection not working
Posted by: asdfgh (62.201.142.---)
Date: June 07, 2011 01:15PM

@ Steven

I'm not asking for help to create a new vulnerability, I think you really misunderstand my post. The purpose of my demand is to *reproduce* an *existing* vulnerability.

I had already created the code to exploit the vulnerability but it was too simple, it exploited the following code I wrote:

<?php

include '/'.$_GET['page'];

?>

Where with this code it was too easy to exploit, so I wanted to add a difficulty by adding an extension as you saw in my previous post by forcing the user to add a null byte.

Everything I am doing now, is on my localhost, I'm the owner of the code, I'm not *hacking* someone else. This is in a clearly defined context of teaching.

I hope you understand my need better.

Regards,

asdfgh

Edit: OK, I found the problem, PHP fixed this at 5.3 version. I just tested it on PHP < 5.3 and it works. Thanks anyway



Edited 1 time(s). Last edit at 06/07/2011 04:28PM by asdfgh.
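
For the teaching context described in this thread, a hardened counterpart to test.php that can be shown next to the vulnerable include. This is an added example, not code from any poster; the `pages` directory, the names in `ALLOWED_PAGES` and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart to the thread's test.php.
// PAGES_DIR, ALLOWED_PAGES and resolve_page() are hypothetical names.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Map a user-supplied page name to a file inside PAGES_DIR,
 * or return null when the request must be refused.
 */
function resolve_page($page): ?string
{
    // Arrays (?page[]=x) and other non-string input are refused.
    if (!is_string($page)) {
        return null;
    }
    // A NUL byte is never part of a legitimate page name; refusing it
    // here does not depend on how the interpreter treats it.
    if (strpos($page, "\0") !== false) {
        return null;
    }
    // Exact-match allowlist: separators, dots and wrappers cannot pass.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: the resolved path must still sit under PAGES_DIR
    // (this catches a symlink planted inside the directory).
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $page . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

The appended `.php` extension in the original test.php is not a security control; the allowlist is what decides which files can be included.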
