Bebee Posted November 27, 2010 Report Posted November 27, 2010 You will need:Linux machine(Highly recommended)bash,perl,apache2,mysql,The knowledge to use the aboveYou will get:20-30min of funAn idea to make it better than this..You will find 1000 of 1000 of wide open log viewersMillions of logfiles(pls dont abuse them....)DONT ABUSE THIS!!THERE IS NO WARRANTY FOR ANYTHING I'LL TELL FROM NOW ON 1. Set up a web Log center. Use ur local apache and ur local mysql.Forbid access from outside (localhost only)2. #Find a web Logger try Google("intitle:wLogs v1.0") for exampleand use the exploit perl script on it.->perl exploit.pl http://www.example.com/logger/It should throw out the full database of the targeted loger.3. Now u can use the insert.pl script to insert the stolen db into ur own.u have to edit the script(fill in ur mysql username and paswd).this step may take time (depends on the size of ur db)->perl exploit.pl http://www.example.com/logger/ >out.log.db->perl insert.pl out.log.db4. Take a look in ur own db, using the wLogs viewer or ur phpmyadmin.if u have more than 1 target, u may be intrested in the getLogs.sh script Mai jos aveti exploit.pl ,insert.pl, getlogs.sh:FileShare Download steal.zipSursa Quote
blech Posted November 27, 2010 Report Posted November 27, 2010 not working for me, i tested on my own server Quote
The Dev!L Posted November 27, 2010 Report Posted November 27, 2010 can you put the tool here or upload it on mediafire please Quote
Paul4games Posted November 30, 2010 Report Posted November 30, 2010 Este patched de mult timp acest exploit.... Quote
