Coder Social home page Coder Social logo

showmetheexploit's Introduction

showmetheexploit

Do you accept the challenge?

Comment in the YouTube comments or on reddit at: https:www.reddit.com/r/PHPhelp/comments/ct0m88/i_need_a_benign_exploit_serious/ There will be a ton of caveats at the bottom of this post, but I will get right to the TLDR; I'm not saying this is GOOD php, but I'd like to know if it is DANGEROUS php. Not just "looks dangerous", but I'd like someone to show me what could possibly be sent to $_GET that would actually cause a problem (without uploading a previous exploit).

Ideally I would like to see someone

  1. trigger notepad.exe to run as a benign exploit.
  2. delete index.php or sound.php
  3. modify index.php or sound.php I chose notepad because it's already in the windows path, so no folder traversal necessary.

What could I send to sound.php?sound= to cause a problem?

$mp3 = htmlentities($_GET['sound']); obviously not right, but dangerous? $player = 'cmdmp3.exe';

if(file_exists("sounds/$mp3.mp3")){ shell_exec($player.' sounds/'.$mp3.'.mp3'); die(); }else{ die(); }

Here are the caveats.

  1. Obviously I didn't properly sanitize the shell code. That's fixed now in a later rev.

  2. That said with the if file_exists statement and the mp3 pinned to the end, what in the world could you get to trigger "true" on the if statement that would also be dangerous in the shell_exec.

  3. To be clear. I'm not saying "not possible" I'm saying "I don't know what I don't know."

  4. This code section of the code was posted for running on local networks and I use it in air-gapped networks. There was never a suggestion to stick it on your godaddy account and it wouldn't even work on a cloud server because it needs speakers connected to the server. I use this for escape rooms and arduino/pi based interactive games.

  5. It's super easy to say "that looks exploitable" than to actually have an idea of how to exploit it.

  6. I don't consider uploading another malicious file and using this to run it an exploit. If you can upload random, executable code to an apache server, it's game over for security anyway. You would just upload exploit.php and run it. You don't need to daisy chain it with this.

I can't say enough how much I appreciate people taking the time to read this far. I genuinely want to learn.

showmetheexploit's People

Contributors

mudmin avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.