paxnWo Posted January 19, 2010 Report Share Posted January 19, 2010 Ne tot intrebam noi cum de reusea tinkode sa puna mana pe dburile forumurilor de warez. Era clar ca doar cei care aveau vbulletin nulled erau afectati. Eu cu kwe eram la o tigara acum 2 ore, foarte intrigati. A dat un ls pe rowarez.org si ne-a sarit imediat in ochi un fisier: validator.php . Cand este accesat, listeaza toate fisierele de pe host, inclusiv .sql-urile. Nu e chiar un exploit, dar e un trick. Luati-o cum vreti: files listing, directory listing, file disclosure, vbulletin nulled exploit, 3.7.2, 3.8.4, 4.0.http://site.com/forum/validator.phphttp://www.google.ro/search?hl=ro&cr=countryRO&q=powered+by+vbulletin&start=0&sa=Nhttp://skaters.ro/validator.phpdaca nu gasesti backup, faci social. Quote Link to comment Share on other sites More sharing options...
Nytro Posted January 19, 2010 Report Share Posted January 19, 2010 Hmm interesant. Foarte interesant chiar. Multe scripturi nulled cred ca au cate ceva suspect prin ele, daca nu un fisier, atunci cod in plus ceva. Quote Link to comment Share on other sites More sharing options...
redking Posted January 19, 2010 Report Share Posted January 19, 2010 pffff....si de cate ori l-am intrebat! Quote Link to comment Share on other sites More sharing options...
Guest Mosad Posted January 19, 2010 Report Share Posted January 19, 2010 kwerln fiti-ar vaca ... Quote Link to comment Share on other sites More sharing options...
lit Posted January 19, 2010 Report Share Posted January 19, 2010 tare ingineria asta sociala! Quote Link to comment Share on other sites More sharing options...
Fitty Posted January 19, 2010 Report Share Posted January 19, 2010 frumos, n-am ce zice. Quote Link to comment Share on other sites More sharing options...
Death Posted January 20, 2010 Report Share Posted January 20, 2010 Ce-s cu treburile astea de copil pe Tinkode ala? Si cine pula mea e Tinkode?Fura un "bug" de pe RST, ii schimba creditele si apoi el publica tot pe RST? Quote Link to comment Share on other sites More sharing options...
Nytro Posted January 20, 2010 Report Share Posted January 20, 2010 Tinkode a null-uit vBulletin, el a pus acel fisier acolo. Tinkode e prea 1337 ca sa foloseasca acest truc. Daca nu el a null-uit vBulletin, atunci el a pus acel fisier acolo in loc de shell, numai el stie cum a facut asta.PS: Eram sarcastic. Quote Link to comment Share on other sites More sharing options...
ROFL Posted January 20, 2010 Report Share Posted January 20, 2010 la furat? pai folosea acest bug inaitea desoperirilor lui pax...desi e destul de ineficient...daca admii au o treaba cu viata...cum sa iti lasi backupul pe host sau sa il faci ca primesti un mail?Dupa ce a postat paxnWo metoda 'strict secreta' a lui Tinkode(mare hacker de meserie), a postat si el pe renumitul sau blog acelasi lucru(bineinteles, cu creditele sale), sa nu fie el mai prejos. Penibil! Quote Link to comment Share on other sites More sharing options...
Fitty Posted January 20, 2010 Report Share Posted January 20, 2010 Headline: dupa ce a spart NASA si alte site-uri importante, renumitul hacker TinKode da cu bata in balta!!111 Quote Link to comment Share on other sites More sharing options...
Adso Posted January 20, 2010 Report Share Posted January 20, 2010 Headline: dupa ce a spart NASA si alte site-uri importante, renumitul hacker TinKode da cu bata in balta!!111e singurul ce sa aruncat aiurea de la etaj? Quote Link to comment Share on other sites More sharing options...
Church Posted January 20, 2010 Report Share Posted January 20, 2010 nu stiu de ce dar presimt ca in 2 zile o sa fie plin Club ShowOFF de vbulletine Quote Link to comment Share on other sites More sharing options...
Guest Mosad Posted January 21, 2010 Report Share Posted January 21, 2010 GYSN parca au facut un release identic cu cel al DGT-ului dar era altfel,parca (gysn-key.php) nu mai tin minte Quote Link to comment Share on other sites More sharing options...
Nytro Posted January 22, 2010 Report Share Posted January 22, 2010 http://news.softpedia.com/news/Unlicensed-vBulletin-Installations-in-Danger-132863.shtml Quote Link to comment Share on other sites More sharing options...
andrei.samp Posted April 4, 2010 Report Share Posted April 4, 2010 cine ma ajuta ? cu validator.php cum fac ? Quote Link to comment Share on other sites More sharing options...
Metatron Posted April 4, 2010 Report Share Posted April 4, 2010 cine ma ajuta ? cu validator.php cum fac ?Esti incult copile, nu stii sa citesti? Quote Link to comment Share on other sites More sharing options...
andrei.samp Posted April 4, 2010 Report Share Posted April 4, 2010 pai scz , am gasit pe google DGT Release Checker si cum iau databasu sau acces config.php? Quote Link to comment Share on other sites More sharing options...
Guest vini4p Posted April 4, 2010 Report Share Posted April 4, 2010 pai scz , am gasit pe google DGT Release Checker si cum iau databasu sau acces config.php?Pax say:Luati-o cum vreti: files listing, directory listing, file disclosure,Acel "validator.php" doar listeaza fisiere din public_html, ce doresti tu nu se poate ! Quote Link to comment Share on other sites More sharing options...
andrei.samp Posted April 4, 2010 Report Share Posted April 4, 2010 Multumesc Quote Link to comment Share on other sites More sharing options...
