09.07.2015, 22:15
Newbie | Registered: 14.06.2010 | Posts: 0 | Time spent on forum: 2065 | Reputation: 0
Good day. Using the program NetSparker 3.5.3.0 Crack, I scanned the site best-accs.org for vulnerabilities. I found a rather serious vulnerability (the red ones seem to be the most important). Here is what we have:
Spoiler: Info
Password Transmitted over HTTP
Url http://best-accs.org/phpmyadmin/
Form target action index.php
This is the first, and an important, way. Please tell me in more detail what I need to do, how, and with what.
Vulnerability 2 (medium or low, something in between)
Spoiler: Info
[Possible] Cross-site Scripting
Url http://best-accs.org/phpmyadmin/js/messages.php?lang=en&db='>&token=169c14f1cdd0ee72093ebe8b133b9b35
Notes Due to the Content-type header of the response, exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. The Content-type header indicates that there is a possibility of exploitation by changing the attack. However Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
Parameter Name db
Parameter Type Querystring
-------------------------------------------
Script Attack Pattern '> As I understand it, this is an XSS attack.
What I actually did: I followed this link http://best-accs.org/phpmyadmin/js/messages.php?lang=en&db='>&token=169c14f1cdd0ee72093ebe8b133b9b35
If you are afraid to follow the link, look here:
Spoiler: Info
var PMA_messages = new Array();
PMA_messages['strClickToSelect'] = 'Click to select';
PMA_messages['strClickToUnselect'] = 'Click to unselect';
PMA_messages['strNoDropDatabases'] = '\"DROP DATABASE\" statements are disabled.';
PMA_messages['strDoYouReally'] = 'Do you really want to ';
PMA_messages['strDropDatabaseStrongWarning'] = 'You are about to DESTROY a complete database!';
PMA_messages['strDroppingEvent'] = 'Dropping Event';
PMA_messages['strDroppingProcedure'] = 'Dropping Procedure';
PMA_messages['strDeleteTrackingData'] = 'Delete tracking data for this table';
PMA_messages['strDeletingTrackingData'] = 'Deleting tracking data';
PMA_messages['strDroppingPrimaryKeyIndex'] = 'Dropping Primary Key/Index';
PMA_messages['strOperationTakesLongTime'] = 'This operation could take a long time. Proceed anyway?';
PMA_messages['strBLOBRepositoryDisableStrongWarning'] = 'You are about to DISABLE a BLOB Repository!';
PMA_messages['strBLOBRepositoryDisableAreYouSure'] = 'Are you sure you want to disable all BLOB references for database \\\'>?';
PMA_messages['strFormEmpty'] = 'Missing value in the form!';
PMA_messages['strNotNumber'] = 'This is not a number!';
PMA_messages['strHostEmpty'] = 'The host name is empty!';
PMA_messages['strUserEmpty'] = 'The user name is empty!';
PMA_messages['strPasswordEmpty'] = 'The password is empty!';
PMA_messages['strPasswordNotSame'] = 'The passwords aren\'t the same!';
PMA_messages['strAddNewUser'] = 'Add a New User';
PMA_messages['strCreateUser'] = 'Create User';
PMA_messages['strReloadingPrivileges'] = 'Reloading Privileges';
PMA_messages['strRemovingSelectedUsers'] = 'Removing Selected Users';
PMA_messages['strClose'] = 'Close';
PMA_messages['strGo'] = 'Go';
PMA_messages['strCancel'] = 'Cancel';
PMA_messages['strLoading'] = 'Loading';
PMA_messages['strProcessingRequest'] = 'Processing Request';
PMA_messages['strErrorProcessingRequest'] = 'Error in Processing Request';
PMA_messages['strDroppingColumn'] = 'Dropping Column';
PMA_messages['strAddingPrimaryKey'] = 'Adding Primary Key';
PMA_messages['strOK'] = 'OK';
PMA_messages['strRenamingDatabases'] = 'Renaming Databases';
PMA_messages['strReloadDatabase'] = 'Reload Database';
PMA_messages['strCopyingDatabase'] = 'Copying Database';
PMA_messages['strChangingCharset'] = 'Changing Charset';
PMA_messages['strTableMustHaveAtleastOneColumn'] = 'Table must have at least one column';
PMA_messages['strCreateTable'] = 'Create Table';
PMA_messages['strYes'] = 'Yes';
PMA_messages['strNo'] = 'No';
PMA_messages['strSearching'] = 'Searching';
PMA_messages['strHideQueryBox'] = 'Hide query box';
PMA_messages['strShowQueryBox'] = 'Show query box';
PMA_messages['strInlineEdit'] = 'Inline Edit';
PMA_messages['strEdit'] = 'Edit';
PMA_messages['strSave'] = 'Save';
PMA_messages['strHide'] = 'Hide';
PMA_messages['strHideSearchCriteria'] = 'Hide search criteria';
PMA_messages['strShowSearchCriteria'] = 'Show search criteria';
PMA_messages['strIgnore'] = 'Ignore';
PMA_messages['strSelectReferencedKey'] = 'Select referenced key';
PMA_messages['strSelectForeignKey'] = 'Select Foreign Key';
PMA_messages['strPleaseSelectPrimaryOrUniqueKey'] = 'Please select the primary key or a unique key';
PMA_messages['strChangeDisplay'] = 'Choose column to display';
PMA_messages['strAddOption'] = 'Add an option for column ';
PMA_messages['strGeneratePassword'] = 'Generate password';
PMA_messages['strGenerate'] = 'Generate';
PMA_messages['strChangePassword'] = 'Change Password';
PMA_messages['strMore'] = 'More';
PMA_messages['strNewerVersion'] = 'A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is %s, released on %s.';
PMA_messages['strLatestAvailable'] = ', latest stable version:';
var themeCalendarImage = './themes/pmahomme/img/b_calendar.png';
var pmaThemeImage = './themes/pmahomme/img/';
var pmaversion = '3.4.11.1deb2+deb7u1';
if ($.datepicker) {
$.datepicker.regional['']['closeText'] = 'Done';
$.datepicker.regional['']['prevText'] = 'Prev';
$.datepicker.regional['']['nextText'] = 'Next';
$.datepicker.regional['']['currentText'] = 'Today';
$.datepicker.regional['']['monthNames'] = ['January','February','March','April','May','June','July','August','September','October','November','December',];
$.datepicker.regional['']['monthNamesShort'] = ['Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec',];
$.datepicker.regional['']['dayNames'] = ['Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday',];
$.datepicker.regional['']['dayNamesShort'] = ['Sun','Mon','Tue','Wed','Thu','Fri','Sat',];
$.datepicker.regional['']['dayNamesMin'] = ['Su','Mo','Tu','We','Th','Fr','Sa',];
$.datepicker.regional['']['weekHeader'] = 'Wk';
$.datepicker.regional['']['hourText'] = 'Hour';
$.datepicker.regional['']['minuteText'] = 'Minute';
$.datepicker.regional['']['secondText'] = 'Second';
$.extend($.datepicker._defaults, $.datepicker.regional['']);
} /* if ($.datepicker) */
I don't understand how here either. Please explain.
I don't know whether the other ways are important, but look at the screenshot; if needed, I'll post those from there too.
And here, just in case, is robots.txt
Spoiler: Info
Robots.txt Detected
Url http://best-accs.org/robots.txt
Interesting Robots.txt Entries
- Disallow: /engine/go.php
- Disallow: /engine/download.php
- Disallow: /user/
- Disallow: /newposts/
- Disallow: /statistics.html
- Disallow: /*subaction=userinfo
- Disallow: /*subaction=newposts
- Disallow: /*do=lastcomments
- Disallow: /*do=feedback
- Disallow: /*do=register
- Disallow: /*do=lostpassword
- Disallow: /*do=addnews
- Disallow: /*do=stats
- Disallow: /*do=pm
IMPORTANT! And here is the screenshot itself:
Spoiler: screenshot
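The scanner note quoted in the post depends on two things a site owner can check: whether the reflected value stays inside the JavaScript string literal, and whether the response headers let a MIME-sniffing browser treat the script as HTML. The following is an added example, not part of the original post; the function names, headers and sample literals are constructed for illustration.

```javascript
// Output encoding for a JS string context: every character that could end the
// literal, or be read as markup by a sniffing browser, becomes \uXXXX.
function escapeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// True when an unescaped quote or a raw line break ends the single-quoted
// literal before its final character (the reflected value left the string).
function literalBroken(literal) {
  if (literal.length < 2 || literal[0] !== "'") return true;
  for (let i = 1; i < literal.length; i++) {
    if (literal[i] === "\\") { i++; continue; }  // skip the escaped character
    if (literal[i] === "\n" || literal[i] === "\r") return true;
    if (literal[i] === "'") return i !== literal.length - 1;
  }
  return true; // no closing quote found
}

// True when a MIME-sniffing browser could treat the response as HTML:
// missing or HTML Content-Type, or no X-Content-Type-Options: nosniff.
function sniffable(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v).toLowerCase();
  }
  const type = (h["content-type"] || "").split(";")[0].trim();
  const nosniff = (h["x-content-type-options"] || "").trim() === "nosniff";
  return type === "" || type === "text/html" || !nosniff;
}

// Combine both checks into a triage verdict for one reflected literal.
function triage(headers, literal) {
  if (literalBroken(literal)) return "confirmed: value leaves the string literal";
  if (sniffable(headers) && /[<>]/.test(literal)) {
    return "review: markup characters in a sniffable response";
  }
  return "contained";
}

// Constructed samples: backslash-escaped reflection served without nosniff,
// then the same value passed through escapeForJsString with nosniff set.
const weakHeaders = { "Content-Type": "text/javascript; charset=utf-8" };
const hardHeaders = { ...weakHeaders, "X-Content-Type-Options": "nosniff" };
const servedLiteral = "'references for database \\\\\\'>?'";
const encodedLiteral = "'references for database " + escapeForJsString("'>") + "?'";
console.log(triage(weakHeaders, servedLiteral));
console.log(triage(hardHeaders, encodedLiteral));
```
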
