Exploit for websites cookies and access to read files from the target
It works in such a way that it tests the websites that use the load directory in base64 cookies and the desired directories can be read.
- Another injection method of these websites is to read the logs. For example, if the target web server was ngnix, you can see the user-agent by reading the ngnix log file located in /var/log/ngnix/access.log. You may say, what is the use of user-agent? You can use burp suit or a programming language to put malicious php code instead of user-agent and enter the web server logs. Congratulations, the site was hacked.
if (empty($_COOKIE['PHPSESSID']))
{
$page = "Home";
$page->file = '/www/index.html';
setcookie(
'PHPSESSID',
base64_encode(serialize($page)),
time()+60*60*24,
'/'
);
}
$cookie = base64_decode($_COOKIE['PHPSESSID']);
unserialize($cookie);In this piece of code, "$page->file = '/www/index.html';" sets the file path to the home page of a website. Specifically, it sets the file path to '/www/index.html' for the "$page" variable. This code is used to maintain session state between client and server and to keep track of the user's current page and to make sure that they are directed to the correct page if they leave and then revisit the website. now we can change the pathfile to access directory.