Sometimes people who publish their websites can be careless enough to leave sensitive information in a directory where a script is accessible.
This can be very dangerous. If the script box passes its input straight to Unix commands and isn't secured, it allows us to run arbitrary Unix commands to snoop around the site's directory.
Now suppose a site provides a script box and asks you to enter a date.
We all know the Unix command 'cal', which prints a calendar.
Now suppose the site asks you to enter the year for which you want to see the calendar.
Once you hit the submit button, a calendar for that year appears.
Wait. If the site is running the command cal on my input, why can't I chain other commands onto it?
If you want to snoop in that directory, simply chain the ls -l command with &&.
So in the script box type && ls -l and you'll get a list of all files within that directory.
If by chance you find a secure, hidden file ending in .php, simply copy and paste name.php onto the end of the URL to access the file.
If you want to snoop around in different directories you can always use ".." to reach the parent directories.
Remember
.. - parent directory
. - current directory
The possibilities are endless: you can inject any Unix command you like.
Scary, right?
If you liked this post please share and rate.
Update: How to use ls on Perl scripted sites
For those Perl sites that use the syntax page.pl?page=value, where page is a parameter and value is its corresponding value, it's possible to use ls to see the list of items within that directory.
Example
page.pl?page=faq
means it will open the page corresponding to "faq", i.e. the frequently asked questions page.
Now, with the Unix pipe operator (|), it's possible to use ls.
Simply type
page.pl?page=|ls|
With the pipe operator appended, we are now able to see all the files in that directory.
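Both tricks above come from the same defect: user input is pasted into a command line that a shell parses. The Python below is an added example, not code from the original post; it shows the vulnerable concatenation beside a hardened version (allow-list validation plus an argv list with no shell), and a small log-review check that flags shell metacharacters or ".." in query parameters. The log lines, IPs and the cal-based handler are constructed for illustration.

```python
import re
import subprocess
from typing import List
from urllib.parse import parse_qsl, urlsplit

YEAR_RE = re.compile(r"\d{1,4}")

def vulnerable_command(year: str) -> str:
    """The defect the post describes: the form value is glued into a shell
    command line, so '&&' and '|' are parsed by the shell when this string
    is handed to os.system() or a Perl two-argument open()."""
    return "cal " + year

def hardened_argv(year: str) -> List[str]:
    """Allow-list the value, then build an argv list: with shell=False the
    argument reaches cal as data, never as shell syntax."""
    if not YEAR_RE.fullmatch(year):
        raise ValueError("rejected calendar input: %r" % year)
    return ["cal", year]

def run_calendar(year: str) -> str:
    """Execute the hardened form; raises ValueError on bad input."""
    return subprocess.run(hardened_argv(year), capture_output=True, text=True).stdout

# Detection side: shell metacharacters or traversal inside a query value.
META_RE = re.compile(r"[|&;`$<>\n]|\.\./")
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed access-log lines (Apache combined format) for the check below.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /page.pl?page=faq HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /page.pl?page=%7Cls%7C HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /page.pl?page=../../etc HTTP/1.1" 200 900',
]

def suspicious_requests(log_lines: List[str]) -> List[str]:
    """Return the client IP of every request whose query values look injected."""
    hits = []
    for line in log_lines:
        m = REQ_RE.search(line)
        # parse_qsl URL-decodes, so %7C comes back as the raw '|'.
        params = parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True) if m else []
        if any(META_RE.search(value) for _, value in params):
            hits.append(line.split(" ", 1)[0])
    return hits
```

Running suspicious_requests(SAMPLE_LOG) flags the two requests from 10.0.0.9; the "faq" request passes.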
If you liked this post please share and rate.