16 March 2011, 11:26
Vulnerability in the qip.ru site
Well, I think enough time has passed, and I can write about it now.
To avoid a repeat of what happened after the articles about Rambler were published, and to stay out of trouble, I waited, wrote to the administration, and the vulnerability was closed. So I am writing this with a completely clear conscience.

A new feature with a hole in it



The guys at qip.ru added a city selector to the site, where you choose the city you live in. I will keep the date and time of my testing to myself, otherwise it would not be good, but I will say it was not so long ago.

After selecting a city, you get weather information for your hometown, which is quite a handy little feature. Well, like everyone else, I decided to try it, and did. And it turned out that the service is interesting in a certain respect.

View


I clicked through this menu with the mouse, picked a city, and traced the headers being sent. The POST data looks like this:

code = RU_14_41145_24959

After looking around a little, we try passing various parameters to the script, changing them every way we can. And voila, a surprise awaits us in the last parameter. We pass something like:

code = RU_14_41145_24959abrabr! 1

and see the beauty:

Oops: LFI, local file inclusion. Just lovely! From here, an experienced attacker works out how many directory levels to climb relative to the root directory and gains the ability to view various system files, including server configuration files. And if the Apache logs are included after first being seeded with "poisonous code" in the User-Agent, the result is effectively a full shell. But you and I are good guys, so we did not do that.

Good-boys


I wrote to the administration, talked to their lead programmer over ICQ, and we reached a mutual understanding. Fortunately their programmer is a good guy, and we had a good conversation. I explained what to close and where. True, it was not closed on the first try: first they made a replacement of "/" in the variable, which meant it was still possible to use "\", and only a week after that first failure did they fix it completely. That's all, and the moral of this post is: filter POST data and do not use explode, because you get lost among the arrays and fail to filter what needs filtering, as happened with qip.ru.
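
The moral above, shown as an added example that is not code from qip.ru or from the author: the "/"-only replacement described in the post next to an allow-list check on the whole `code` value. It assumes PHP (the post mentions explode and Apache); the function names, the `weather_data` directory, the `.dat` extension and the exact code format are assumptions inferred from the sample value.

```php
<?php
// Added example. The site's real code is not shown in the post; the names,
// the data directory and the code format below are assumptions.

const WEATHER_DIR = __DIR__ . '/weather_data';   // hypothetical data directory

// The first fix described in the post: replace "/" only. A deny-list like
// this leaves "\" and every other unexpected character untouched.
function weak_filter(string $code): string
{
    return str_replace('/', '', $code);
}

// Allow-list validation: accept the value only if the WHOLE string matches
// the expected shape (inferred from the sample RU_14_41145_24959).
function is_valid_city_code(string $code): bool
{
    return preg_match('/\A[A-Z]{2}_\d{1,3}_\d{1,6}_\d{1,6}\z/', $code) === 1;
}

// Map a validated code to a data file and confirm the resolved path is still
// inside WEATHER_DIR. Returns the path, or null if the request is rejected.
function weather_file_for(string $code): ?string
{
    if (!is_valid_city_code($code)) {
        return null;
    }
    $base = realpath(WEATHER_DIR);
    $path = realpath(WEATHER_DIR . '/' . $code . '.dat');
    if ($base === false || $path === false) {
        return null;   // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;   // resolved outside the data directory
    }
    return $path;      // read it as data (file_get_contents), never include it
}

// Constructed inputs: the sample from the post, the malformed value from the
// post, and a value containing a backslash.
$samples = ['RU_14_41145_24959', 'RU_14_41145_24959abrabr! 1', 'RU_14_41145_24959\\x'];
foreach ($samples as $c) {
    printf("%-28s weak=%-28s valid=%s file=%s\n", $c, weak_filter($c),
        var_export(is_valid_city_code($c), true), var_export(weather_file_for($c), true));
}
```

Only the first sample passes validation; the other two come out of `weak_filter` unchanged, which is why the first repair in the post did not hold.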
Added by: w1zard