Xavier's Security Post: ritk updates to beta 0.2

.comment-link {margin-left:.6em;}

Xavier's Security Post

Monday, October 31, 2005

ritk updates to beta 0.2

this new release of ritk ("remote inclusion toolkit") contains cleaner syntax, some constants set for use in the reverse connection backdoor, and finally the addition of a method to exploit a weakness in PHP's safemode/open_basedir(). The vulnerability was disclosed by slythers@gmail.com and I thought it would be such a neat usage for remote inclusion penetration testing.

the variable to use ritk's new feature is &bypass=1, which currently supports the libcurl means of bypassing safemode/open_basedir. I am in the middle of research to expand the method; for it seems PHP's safemode/open_basedir system is quite flawed.

you can read its README file here

¶ 10/31/2005 07:33:00 AM

Comments: Post a Comment

<< Home

This public blog will be a place for me to output any Security findings, both technological and physical, that I have come about. I will post Security advisories I was apart of, and also other interesting bits of knowledge. email: xavier [at] tigerteam.se

RECENT RELEASES

Rocks Clusters <=4.1 mount-loop local root
Rocks Clusters <=4.1 umount-loop local root
TSEAD-200606-6 - Rocks Clusters <=4.1 local root
xorgmodroot.py - Xorg-server 1.0 / <=X11R6.9.0-7.0 local root
TSEAD-200509-5 - Multiple Netscape.com vulnerabilities.
TSEAD-200512-3 - Multiple vulnerabilities in KISBG <=v5.1.1
fsigk_exp.py - FSIGK for Linux <=2.10-431 local root
TSEAD-200510-4 - FSIGK for Linux <=2.10-431 advisory
ritk.php - remote inclusion pentest tool
owm_exp.py - openwebmail <=2.51+ local root
perliodebug_exp.py - perlIO_debug 5.8.* local root
bankfix.py - bank card number lookup tool
TSEAD-200412-2 - AOL XSS/file read vuln
TSEAD-200412-1 - AOL redir vuln

ARCHIVES

September 2005 / October 2005 / November 2005 / December 2005 / March 2006 / April 2006 / May 2006 / June 2006 / July 2006 / September 2006 / October 2006 /