Timeline for Unrestricted File Upload - Possible exploits
Current License: CC BY-SA 3.0
9 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Dec 28, 2013 at 3:37 | answer | added | David Houde | | timeline score: 0 |
| Dec 27, 2013 at 22:27 | answer | added | jamiescott | | timeline score: 2 |
| Dec 19, 2013 at 11:00 | comment | added | ibrahim87 | | Yes, I know that the PHP actually runs. How can I grab the MySQL creds? What is the file that contains them? |
| Dec 19, 2013 at 0:28 | comment | added | bobince | | I wouldn't assume "unable to fork" is a security restriction, this fails a lot for a selection of non-security reasons too. You are likely to have trouble spawning the native cmd.exe, but you might be able to write an exe of your own into the same directory as the PHP and execute it from there. Meanwhile, if your aim is sensitive information, grab the MySQL creds and suck at the database. |
| Dec 18, 2013 at 22:55 | comment | added | Gumbo | | This sounds more like a question about post exploitation on a Windows system. |
| Dec 18, 2013 at 21:15 | comment | added | AviD♦ | | Did the PHP actually run? Do you know for a fact that there is a PHP interpreter installed and configured on the IIS, or why would you assume that? If not, you could try uploading an ASP file, instead, since this is IIS... |
| S Dec 18, 2013 at 20:52 | history | suggested | Sajjad Pourali | CC BY-SA 3.0 | add tags, remove thanks, better style and misspelling. |
| Dec 18, 2013 at 20:44 | review | Suggested edits | | | |
| S Dec 18, 2013 at 20:52 | | | | | |
| Dec 18, 2013 at 18:51 | history | asked | ibrahim87 | CC BY-SA 3.0 | |