Est sait, v sait est LFI(Local file inclusion), problema v tom sto sait JAVA, etc/passwd vidno webserver tomcat
proc/self/environ vidno no ne obichnaja s DOCUMET_root no vot takaja:
Shell zalits cherez <?php tagi ne mozna.
Tak vorpos takoy, mozna kakto zalits shell po drugomu? Mozet est kakoita JAVA shell kod?
Mnye skinuli etot link i skazali sto mozna tak zalits, no kak i gde?
http://stackoverflow.com/questions/6420265...ng-java-program
proc/self/environ vidno no ne obichnaja s DOCUMET_root no vot takaja:
Код:
SHELL=/bin/shCATALINA_HOME=/fss/app/packages/tomcat-cushionsCATALINA_BASE=/home/f/cushions/tomcatUSER=f4PATH=/usr/java/jdk1.6.0_16/bin:/usr/java/jdk1.6.0_16/bin:/usr/bin:/binPWD=/home/f/cushions/tomcat/tempJAVA_HOME=/usr/java/jdk1.6.0_16CATALINA_OPTS= -Dgrails.env=production -Dcushions.config.location=/home/f/cushions/release/config/production -Dcushions.logging.dir=/home/f/cushions/logs -Dcushions.config.fqdn=dlx36157-f.co.uk -Xms2048m -Xmx2048m -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:NewRatio=2 -XX:MaxPermSize=512m -Dhttp.maxConnections=30 -Dcom.sun.management.jmxremote.port=1041 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=falseHOME=/home/f4SHLVL=4CATALINA_PID=/home/f/cushions/tomcat/catalina.pidLOGNAME=f_=/usr/java/jdk1.6.0_16/bin/javaLD_LIBRARY_PATH=/usr/java/jdk1.6.0_16/jre/lib/amd64/server:/usr/java/jdk1.6.0_16/jre/lib/amd64:/usr/java/jdk1.6.0_16/jre/../lib/amd64Shell zalits cherez <?php tagi ne mozna.
Tak vorpos takoy, mozna kakto zalits shell po drugomu? Mozet est kakoita JAVA shell kod?
Mnye skinuli etot link i skazali sto mozna tak zalits, no kak i gde?
http://stackoverflow.com/questions/6420265...ng-java-program
