IT Security and Insecurity Portal

<meta name="generator" content="WordPress 2.1" /> <!-- leave this for stats -->
So I need to find a hack for this. I've checked milw0rm, and I found your 2.1.3 hack waraxe, but I get ...

Look at bottom of the source page or
victim.com/path/wp-rss.php ---> look at source. Something like
"Wordpress generator ---> blabla"
According to my copy of WordPress, wp-rss is depreca ...

OK, I found a site with an open filesystem so I can get my bearings. It has:
wp-content
wp-admin
wp-includes
but I can't find any kind of changelog.

First things first, I need to identify the version of WordPress used. Will the changelog be somewhere in a /wp-something/ directory?

I can't say I understand totally. Are you suggesting somehow using the HTTP referrer to inject code and get the logs?

This site MAY be vulnerable to injection, I do not know. It uses PHP for a search function, but it might be homemade (I know the admin). I don't really want revenge, but a person I know should get cr ...

Also:
8cf5d2f80a8725a8cb4681ad9fe6f7bf
Where can I crack these? The online things haven't given me a value in forever, I just resubmitted. I'm on a Mac, btw.

Is there anything you can do to repair the tpl file? If all the news things are gone, it might be possible to just leave that and disappear afterwards, but I need the tpl fixed.

Oh shit. I mistyped phpversion and now I get...
Parse error: syntax error, unexpected T_STRING in /home/i***/public_html/cutenews/data/Default.tpl on line 64
every time I try to get into the t ...

Eh! Here's a problem.
Warning: phpinfo() has been disabled for security reasons in /home/***/public_html/cutenews/data/Default.tpl on line 64
Could a shell be used to save a copy of this tpl fil ...

Nice. So if I keep this clandestine, I can use this site as something of a base of operations to execute code on this server!

Ah, never mind. I'm in the admin control panel. Now what?

Question, is this for the FTP or something else? Because isaac is correct for FTP, but that password doesn't work for it.

That's not right. It gets rejected. That can't be right... it's the right pw for the hash. Where is the login form? I'm just trying FTP.

bcc6d350f424f4b07ddcc6c64cf61dc3
MD5 retrieved from cutenews (my computer gets too hot cracking this in Wine)