Waraxe IT Security Portal
Login or Register
November 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 45
Members: 0
Total: 45
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> I'm the new admin... now what? Goto page Previous1, 2
Post new topicReply to topic View previous topic :: View next topic
PostPosted: Fri Jun 01, 2007 8:31 pm Reply with quote
barr0w
Regular user
Regular user
Joined: May 30, 2007
Posts: 13




Koko, your English is fine.

So I realized that I have edit access to all of the plugins, so I figured I would just edit the Hello Dolly plugin since it's not activated.

I go to Plugins -> Plugin Editor. Open up hello.php, take out the contents of hello.php and add the contents of c99shell.php (it's the only shell I have). My problem is that when I click the 'Update File' button to save it I receive a "HTTP Error 406 - Not acceptable" error in my Internet Explorer window. I know I have edit access to that file because I can add comments in it and it will save the changes.

When I try to save it in Firefox I get:
Not Acceptable
An appropriate representation of the requested resource /blog/wp-admin/plugin-editor.php could not be found on this server.

I'm stumped.
View user's profile Send private message Send e-mail
PostPosted: Fri Jun 01, 2007 11:29 pm Reply with quote
barr0w
Regular user
Regular user
Joined: May 30, 2007
Posts: 13




Sorry to keep posting but I keep getting one step further.

I think that I'm receiving these 406 errors because of some mod_security settings on the server. Does this mean that I hit a dead end? All I have is Wordpress Admin, and I can't upload my shells because of the mod_security rules.

Edit: Also, I know that I cna edit the .htaccess file to get around this. But when I try to edit the .htaccess file through the Wordpress File Manager I get the same 406 error that is stopping me from doing everything else.
View user's profile Send private message Send e-mail
PostPosted: Sat Jun 02, 2007 6:02 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Maybe plugin-editor.php mising for security reasons.Try Manage>>Files.
View user's profile Send private message
PostPosted: Sat Jun 02, 2007 12:00 pm Reply with quote
barr0w
Regular user
Regular user
Joined: May 30, 2007
Posts: 13




I've tried:
- Manage -> Files
- Plugins -> Plugin Editor
- Write -> Post -> Upload

The mod-security rule is affecting all of those. Unless someone has another idea of getting around mod_security I think I'm going to give up on this site and try getting into another. This is just for pracice anyways.
View user's profile Send private message Send e-mail
PostPosted: Sat Jun 02, 2007 1:24 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Pls send me this wordpress on PM.I want to look inside.Thank you.
View user's profile Send private message
PostPosted: Sat Jun 02, 2007 2:57 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




You have access to edit all wordpress files.Yes plugin editot not work,but you may edit every file with manager>>files.I edit the wp-atom.php and put my code in there.You have PM.

P.S.I hope you know basic UNIX commands. Laughing Laughing Laughing
View user's profile Send private message
PostPosted: Sat Jun 02, 2007 3:28 pm Reply with quote
barr0w
Regular user
Regular user
Joined: May 30, 2007
Posts: 13




Thank you so much for your help Koko, HAS is a very interesting tool.

UPDATE: Using HAS I was able to make edits to the .htaccess file disabling mod_security. This let me upload my shell. Thanks for the help.
View user's profile Send private message Send e-mail
PostPosted: Sun Jun 03, 2007 2:33 pm Reply with quote
laydback
Beginner
Beginner
Joined: Jun 03, 2007
Posts: 1




I made a video tutorial on the admin-ajax vuln.

Check it out --> http://h4ck3d.by.ru/
View user's profile Send private message
PostPosted: Mon Jun 18, 2007 9:24 am Reply with quote
drag
Active user
Active user
Joined: May 31, 2007
Posts: 25




barr0w wrote:
So I have write permissions on a ton of .php files.


How do you go about finding which php files you have access to? Did you find a list of php files included in wordpress and just test them one by one?

Also, what is HAS?

Thanks.
View user's profile Send private message
PostPosted: Mon Jun 18, 2007 10:15 am Reply with quote
drag
Active user
Active user
Joined: May 31, 2007
Posts: 25




Well.. it looks like I have no access to edit any files within the wordpress installation. Unfortunate. Does this mean that I'm pretty hosed?
View user's profile Send private message
PostPosted: Mon Jun 18, 2007 10:34 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




drag wrote:
Well.. it looks like I have no access to edit any files within the wordpress installation. Unfortunate. Does this mean that I'm pretty hosed?


This means owner lock files for edit.
View user's profile Send private message
PostPosted: Mon Jun 18, 2007 10:50 am Reply with quote
drag
Active user
Active user
Joined: May 31, 2007
Posts: 25




Just to make sure I understand, the admin has set the permissions on the files so that the user that the webserver is running doesn't have write access to them?
View user's profile Send private message
PostPosted: Mon Jun 18, 2007 10:53 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Write access from where?From admin panel or from shell?
View user's profile Send private message
PostPosted: Mon Jun 18, 2007 10:59 am Reply with quote
drag
Active user
Active user
Joined: May 31, 2007
Posts: 25




my last post should have read:

Just to make sure I understand, the admin has set the permissions on the files so that the user (that the webserver is running under) doesn't have write access to them?
View user's profile Send private message
PostPosted: Mon Jun 18, 2007 11:08 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




You have perms to edit files ONLY when wordpress is installed.Outside you don't have edit perms.
View user's profile Send private message
I'm the new admin... now what?
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 2 of 2
Goto page Previous1, 2
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.037 Seconds