Building on exploit...

astropirate · Post by **astropirate** » 30 Mar 2009, 19:55

Hello all!
I am trying to get a site to run a php script. The site runs on phpbb3. I have already found an exploit; a portion of the site uses connects to a database and retrieves and displays information upon load. Now i do not have access to the site itself but i do have access to the database. I have tried putting my script in a database filed so it would be executed when page loads, but unfortunately PHPBB3 seems to be filtering it out. So i have been limited to just plain html and JavaScript.

some details

this is how it is displayed

Code: Select all


$template->assign_block_vars('faq_block.faq_row', array(
'FAQ_ANSWER' =>

"<tr><td>"
.$field['number']
."</td><td>"
.$field['props']
."</td><td>"
.$thing2
."</td></tr>"
));

Could some one please shed some light as how i can build on this loop hole?

Thanks

Post by **bad_brain** » 31 Mar 2009, 05:20

in other words: you're trying to upload a remote shell, eh?

have you properly used escape sequences when putting the code into the database?

astropirate · Post by **astropirate** » 31 Mar 2009, 13:06

it isn't that it seems to be leaving out any thing inside <? ?> and those tags too. i was hoping there was a loop hole with wich i could make it execute php with only html and javascript at hand.

Post by **bad_brain** » 31 Mar 2009, 13:23

well, you can call .php from .js:
http://www.javascriptkit.com/javatutors ... lphp.shtml

astropirate · Post by **astropirate** » 31 Mar 2009, 14:02

lol but the thing is that i want the php to be executed on the target server not my own.