DeveloperSide.NET Forums

DeveloperSide.NET => Anything else goes here => Topic started by: night2dark2 on September 30, 2007, 03:19:15 AM



Title: c99shell exploit
Post by: night2dark2 on September 30, 2007, 03:19:15 AM
People please be careful with File Upload scripts. If a hacker wants to hack your site they might view the directory of your site then Uploading the PHPScript. theirs a catch. With your File Upload script you might only accept certain file types. Eg TextFiles or image files. so they will use
Code:
%path%\%file%.php%00.EXT
and thats One of the exploits. and 2 JavaScript Injection. Careful if your Site has any cookies or saves them in the path. I read a small guide on how to do a website attack. I Learned a bunch. and Admin , That Base64 Code is Encrypted 20x. You wont get to the bottem of the Base64. if you want to see what the shell can do to your computer , PM me and ill send you the file you need. You might say what? this doesnt look like a valid file. WRONG! it is a valid file. Its a Base64 Encrypted file. Because of eval(gzinflate(base64_decode

so yeah. Just becareful with some scripts. I Did a test of my own on my site. I saw exploits that I never knew Existed on my site. Admin maybe start Providing Mod_Suhosin over mod_Security for the Suite install.