Many web forums have mushroomed on the internet, and because they are set up in a jiffy, they don't pay much attention to security. An older exploit I'm discussing here is the Null Byte exploit. Almost all forums include a picture and avatar uploading system where you can upload your user signatures and avatars. At first look it looks like a normal uploading system, but it is a way to upload our own files into the forum, or to get into the admin area and literally "OWN" the forum. However, as this hack is outdated as of now, most have deployed some form of input sanitation to prevent such an attack.
Nevertheless, thousands of vulnerable forums still exist even now, with even some bigger names counted among them.
How to exploit it?
In order to exploit this vulnerability, you must input "% 00" (with or without the space, as the case arises). Now a lot of you are probably asking what the heck it is. Well, it is the URL-encoded form of the NULL character. It's the same idea as the null session we used to exploit in Windows systems.
Now, whenever you upload a file, you will be asked to specify the directory where the file is located. Each file has a particular extension to signify the kind of file it is. Now what if we can input the "% 00" at the end of the file name?
The way most forums keep bad files under control and out of the forum is by restricting certain extensions such as .exe, .php etc. But what if we can modify the file name and trick the server into thinking that it is something else?
For example:
C:\webroot\c99.php% 00.jpg
Now when we do this, the operating system will read the file to be uploaded as a PHP file, but the forum's upload check will read it as a .jpg (image) file. And when this happens, you can exploit it to upload your own files onto the server, and, if you are a bit creative, access the admin area too.
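As an added illustration (not part of the original post), here is the kind of extension check the post describes being fooled, beside a hardened one. The function names and sample filenames are my own; the truncation at the NUL byte models what older C-string based file APIs did with the name the web layer handed them.

```python
# Added example: a naive upload extension check versus a hardened one.
# Assumption: the web layer URL-decodes the submitted name, checks the
# extension on the whole string, then hands the name to a C-string based
# file API that stops reading at the first NUL byte.
import re
from urllib.parse import unquote

ALLOWED = {"jpg", "jpeg", "png", "gif"}


def decode_upload_name(raw: str) -> str:
    """Web layer: '%00' in the submitted name becomes a real NUL character."""
    return unquote(raw)


def vulnerable_extension(filename: str) -> str:
    """Old forum code: everything after the last dot of the *whole* string,
    so 'c99.php\\x00.jpg' is seen as a 'jpg'."""
    return filename.rsplit(".", 1)[-1].lower()


def vulnerable_is_allowed(filename: str) -> bool:
    return vulnerable_extension(filename) in ALLOWED


def c_string_view(filename: str) -> str:
    """Filesystem layer: a C string ends at the first NUL, so the file is
    actually created under everything before it."""
    return filename.split("\x00", 1)[0]


def hardened_is_allowed(filename: str) -> bool:
    """Accept only a plain base name with exactly one allow-listed extension."""
    # NUL and other control characters never occur in a genuine upload name;
    # rejecting them closes the name-splitting trick outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in filename):
        return False
    # Drop any directory part the client supplied (C:\webroot\... or ../).
    base = re.split(r"[\\/]", filename)[-1]
    # One simple stem, one dot, one allow-listed extension: double
    # extensions such as 'shell.php.jpg' fail this match as well.
    m = re.fullmatch(r"([A-Za-z0-9_-]+)\.([A-Za-z0-9]+)", base)
    return m is not None and m.group(2).lower() in ALLOWED
```

The server should also store the upload under a name it generates itself rather than the client-supplied one, so the check above is a filter, not the only line of defence.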
IF YOU LIKE MY POST REPLY!