I'm doing an XXE vuln found in Plesk sso on demo, whenever I try to read a php source code through
php://filter/convert.base64-encode/resource=/var/www/vhosts/domain/httpdocs/index.php
I'm presented with the following response:
Server error (code 500): Exception with message 'Identifier is not initialized. table={"name":"sp","id_column":"sp_id","auto_id":null,"deferred_delete":false}' caught at top level.
However, I don't have any issues reading etc/passwd through:
php://filter/convert.base64-encode/resource=etc/passwd
allow_url_fopen is On, What's the use of php://input? And What could be the issue?
More info: http://ift.tt/1nndvaD
Aucun commentaire:
Enregistrer un commentaire