2008년 02월 18일

Image Shells | Use and Create Them

welcome to the tutorial!

today we will create a working image shell that does not break the image and make it invalid. This image shell can be
useful when finfing lfi and its use will be explained, its actually pretty simple.

First open up photoshop and use the following settings for our example:

http://www.psp-gamerz.com/1.jpg

then add an avatar or image and some text if you like:

http://www.psp-gamerz.com/3.jpg

now to insert working php code do file >> file info

http://www.psp-gamerz.com/4.jpg

on the copyright url line insert your php code

http://www.psp-gamerz.com/5.jpg

Now when you have lfi you can view local files and include them.

So we find an lfi vulnerable site with a forum or some type of image uploading. Now find out the location of our
image-shell and include it in our query. for example:

i have found :

index.php?page=home.htm

you do :

index.php?page=images/uploads/image.jpg

It will successfully run the php code and include a shell or do whatever you want.

Hope you enjoyed this tutorial good luck on your next hack

이 글과 관련있는 글을 자동검색한 결과입니다 [?]

by r3dr0ot | 2008/02/18 20:14 | →Basic Articles | 트랙백

트랙백 주소 : http://r3dr0ot.egloos.com/tb/78287
☞ 내 이글루에 이 글과 관련된 글 쓰기 (트랙백 보내기) [도움말]
※ 로그인 사용자만 덧글을 남길 수 있습니다.

◀ 이전 페이지          다음 페이지 ▶