Interpret it!

Let's look at the source code that wasn't interpriposed.

Bo0oM

August 15, 2020

More Decks by Bo0oM

See All by Bo0oM

Носок на сок

0

1.9k

Выйди и зайди нормально

0

99

Защита от вредоносной автоматизации сегодня

0

630

Defending against automatization using nginx

0

880

Antibot pitch deck

0

180

0

230

Your back is white

0

390

1

7.6k

At Home Among Strangers

1

4k

Other Decks in Research

See All in Research

A History of Approximate Nearest Neighbor Search from an Applications Perspective

1

230

ブレグマン距離最小化に基づくリース表現量推定：バイアス除去学習の統一理論

0

220

COFFEE-Japan PROJECT Impact Report（海ノ向こうコーヒー）

0

1.2k

An Open and Reproducible Deep Research Agent for Long-Form Question Answering

0

380

AIを叩き台として、「検証」から「共創」へと進化するリサーチ

0

210

2026年1月の生成AI領域の重要リリース＆トピック解説

0

910

台湾モデルに学ぶ詐欺広告対策：市民参加の必要性

0

290

2026-01-30-MandSL-textbook-jp-cos-lod

1

870

病院向け生成AIプロダクト開発の実践と課題

0

600

[Devfest Incheon 2025] 모두를 위한 친절한 언어모델(LLM) 학습 가이드

2

1.5k

Multi-Agent Large Language Models for Code Intelligence: Opportunities, Challenges, and Research Directions

0

140

LOSの検討（λ Kansai 2026 in Winter）

0

110

Featured

See All Featured

Lessons Learnt from Crawling 1000+ Websites

PRO

1

1.2k

Docker and Python

47

3.8k

What's in a price? How to price your products and services

247

13k

Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge

0

240

PRO

1

48k

Abbi's Birthday

2

6.2k

Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline

PRO

0

150

It's Worth the Effort

188

29k

Build your cross-platform service in a week with App Engine

234

18k

Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]

11

880

PRO

2

560

First, design no harm

PRO

2

1.2k

Transcript

How do I see the source code? • Include files
(header.inc) • Backup files • Temp files (nano, vim, etc) • .git or another version-control system • Arbitrary file reading
Interpret it! Anton “Bo0oM” Lopanitsyn
Server configuration errors Multiple routing and microservices location / {
try_files $uri $uri/ /index.html; ... } location /blog { … }
Server configuration errors Multiple routing and microservices
How to find it? https://example.com/config.php - 200, 0B https://example.com/config.php -
200, 3KB Content-type: application/octet-stream text/plain
Find a vulnerability in the config! location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/html; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; }
Nope https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info
Windows + Nginx = <3 https://example.com/config.php - 200, 0B https://example.com/config.pHP
location ~ ^(.+\.php)(.*)$ location ~ ^(.+\.php)(.*)$ Linux (case sensitive): https://example.com/config.pHP - 404 Windows: https://example.com/config.pHP - 200
Nginx /etc/nginx/site-enabled/default      server { listen 80 default_server; listen
[::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { try_files $uri $uri/ =404; } }
None
None
None
Apache /etc/apache2/sites-enabled/000-default.conf <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Apache /etc/apache2/sites-enabled/example.conf <VirtualHost *:80> DocumentRoot /var/www/html/example.com <FilesMatch "\.ph(p[3-5]?|tml)$"> SetHandler application/x-httpd-php
</FilesMatch>  …
How to find it? example.com, IP: 123.123.123.123 Check http://123.123.123.123/config.php http://123.123.123.123/example/config.php
http://123.123.123.123/example.com/config.php
CDN’s https://forum.example.com https://cdn.example.com/forum/static/123/123.jpg https://cdn.example.com/forum/config.php Unbelievable, but the fact is, some
move the whole project to cdn!
0day
Blog: https://bo0om.ru Twitter: @i_bo0om Telegram channel: @webpwn