Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Interpret it!
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Bo0oM
August 15, 2020
Research
0
1.2k
Interpret it!
Let's look at the source code that wasn't interpriposed.
Bo0oM
August 15, 2020
Tweet
Share
More Decks by Bo0oM
See All by Bo0oM
Носок на сок
bo0om
0
1.9k
Выйди и зайди нормально
bo0om
0
97
Защита от вредоносной автоматизации сегодня
bo0om
0
630
Defending against automatization using nginx
bo0om
0
860
Antibot pitch deck
bo0om
0
180
31337
bo0om
0
220
Your back is white
bo0om
0
380
FTP2RCE
bo0om
1
7.6k
At Home Among Strangers
bo0om
1
4k
Other Decks in Research
See All in Research
Aurora Serverless からAurora Serverless v2への課題と知見を論文から読み解く/Understanding the challenges and insights of moving from Aurora Serverless to Aurora Serverless v2 from a paper
bootjp
6
1.5k
20251023_くまもと21の会例会_「車1割削減、渋滞半減、公共交通2倍」をめざして.pdf
trafficbrain
0
190
Multi-Agent Large Language Models for Code Intelligence: Opportunities, Challenges, and Research Directions
fatemeh_fard
0
130
Agentic AI フレームワーク戦略白書 (2025年度版)
mickey_kubo
1
130
Community Driveプロジェクト(CDPJ)の中間報告
smartfukushilab1
0
190
CoRL2025速報
rpc
4
4.4k
英語教育 “研究” のあり方:学術知とアウトリーチの緊張関係
terasawat
1
250
Combining Deep Learning and Street View Imagery to Map Smallholder Crop Types
satai
3
640
IEEE AIxVR 2026 Keynote Talk: "Beyond Visibility: Understanding Scenes and Humans under Challenging Conditions with Diverse Sensing"
miso2024
0
110
データサイエンティストをめぐる環境の違い2025年版〈一般ビジネスパーソン調査の国際比較〉
datascientistsociety
PRO
0
870
財務諸表監査のための逐次検定
masakat0
1
270
HoliTracer:Holistic Vectorization of Geographic Objects from Large-Size Remote Sensing Imagery
satai
3
690
Featured
See All Featured
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
280
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.4k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
0
560
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
100
Large-scale JavaScript Application Architecture
addyosmani
515
110k
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
310
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
190
How GitHub (no longer) Works
holman
316
140k
The Curious Case for Waylosing
cassininazir
0
260
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.3k
Transcript
How do I see the source code? • Include files
(header.inc) • Backup files • Temp files (nano, vim, etc) • .git or another version-control system • Arbitrary file reading
Interpret it! Anton “Bo0oM” Lopanitsyn
Server configuration errors Multiple routing and microservices location / {
try_files $uri $uri/ /index.html; ... } location /blog { … }
Server configuration errors Multiple routing and microservices
How to find it? https://example.com/config.php - 200, 0B https://example.com/config.php -
200, 3KB Content-type: application/octet-stream text/plain
Find a vulnerability in the config! location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/html; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; }
Nope https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info
Windows + Nginx = <3 https://example.com/config.php - 200, 0B https://example.com/config.pHP
location ~ ^(.+\.php)(.*)$ location ~ ^(.+\.php)(.*)$ Linux (case sensitive): https://example.com/config.pHP - 404 Windows: https://example.com/config.pHP - 200
Nginx /etc/nginx/site-enabled/default server { listen 80 default_server; listen
[::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { try_files $uri $uri/ =404; } }
None
None
None
Apache /etc/apache2/sites-enabled/000-default.conf <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Apache /etc/apache2/sites-enabled/example.conf <VirtualHost *:80> DocumentRoot /var/www/html/example.com <FilesMatch "\.ph(p[3-5]?|tml)$"> SetHandler application/x-httpd-php
</FilesMatch> …
How to find it? example.com, IP: 123.123.123.123 Check http://123.123.123.123/config.php http://123.123.123.123/example/config.php
http://123.123.123.123/example.com/config.php
CDN’s https://forum.example.com https://cdn.example.com/forum/static/123/123.jpg https://cdn.example.com/forum/config.php Unbelievable, but the fact is, some
move the whole project to cdn!
0day
Blog: https://bo0om.ru Twitter: @i_bo0om Telegram channel: @webpwn
bo0om
bootjp
trafficbrain
fatemeh_fard
mickey_kubo
smartfukushilab1
rpc
terasawat
.png){kind=avatar}
satai
miso2024
datascientistsociety
masakat0
iamctodd
caitiem20
akashhashmi
rmw
uxyall
techseoconnect
addyosmani
jct
frankvandijk
holman
cassininazir
tammyeverts
![Apache /etc/apache2/sites-enabled/example.conf <VirtualHost *:80> DocumentRoot /var/www/html/example.com <FilesMatch "\.ph(p[3-5]?|tml)$"> SetHandler application/x-httpd-php](https://files.speakerdeck.com/presentations/0ecb1a2e4df24c39acaf78fbcdfe9557/slide_13.jpg){kind=link}
