php://input Injection [video]

php://input allows you to read raw POST data. It is a less memory-intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives. php://input is not available with enctype="multipart/form-data". php://input can only be read once.
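
One way to look for php://input being passed as a request parameter in web server logs, as an added example that is not part of the original post or video. The log lines, addresses, paths and function names are constructed for illustration, and the Common/Combined Log Format is assumed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that *starts* with the php:// stream wrapper (any case)
WRAPPER_RE = re.compile(r"^\s*php://", re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, made-up paths)
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "POST /index.php?page=php://input HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "POST /home.php?file=PHP%3A%2F%2Finput HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "POST /home.php?file=php%253A%252F%252Finput HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=what+is+php://input HTTP/1.1" 200 900',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so php%253A%252F%252Finput is seen too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_wrapper_requests(lines):
    """Return (method, parameter, value) for each query parameter set to php://..."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        query = match.group("target").partition("?")[2]
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(raw).strip().lower()
            if WRAPPER_RE.match(value):
                hits.append((match.group("method"), name, value))
    return hits


if __name__ == "__main__":
    for hit in find_wrapper_requests(SAMPLE_LOG):
        print(hit)
```

Default access log formats do not record the POST body that php://input would read, so a hit is a starting point for reviewing the script that consumes the flagged parameter.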


greetz to AntiSecurity


watch the video HERE


download the video HERE



./NoGe


Comments

Anonymous said…
Awesome, bro ....... :D
Too bad the text is a bit unclear, hehehe
but that's fine.... mind if I try it, bro :D
evilc0de said…
The text is clear, actually..
Try watching it directly from the website.. http://pacenoge.org/vid/php_input.html
Anonymous said…
Oh yeah, right, hehehe ...... awesome, bro :D
Anonymous said…
What type of vuln is this and how to check if a site is vuln to this?
Anonymous said…
Please give link for shell
AaEzha said…
Downloading it first, bro :D
evilc0de said…
@ all
happy hacking.. :p
Anonymous said…
how is google dork??
evilc0de said…
be creative.. :p

example dork

inurl:"index.php?page="
inurl:"home.php?file="
bjork said…
This website has been suspended. Please contact support via http://www.123-support.co.uk/

I'm too late zzzzzzzzzz
labatterie said…
The type of vuln is these and how to check...
Thank you for sharing with us. The content is very good and helpful for me, I learn and know more about it.