 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 552
 Members: 0
 Total: 552
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| barr0w |
| |
| Replies: 5 |
| Views: 13973 |
|
|
 |
|
 |
|
| I hear that c99 sucks a lot, but what is a better alternative? I have yet to find something better that has an interface in English. |
|
|
|
|
Hey everyone,
The ultimate goal is embedding my already working cookie stealer into a Flash movie. I've made some attempts but am having trouble. I create a flash movie and put the following in an ... |
|
|
|
| barr0w |
| |
| Replies: 7 |
| Views: 40744 |
|
|
|
|
|
|
Has anyone seen this new advisory that just showed up on milw0rm?
http://www.milw0rm.com/exploits/4039
Unfortunately all of the comments are written in Spanish. It also looks like the exploit i ... |
|
|
|
|
| I've been that version, it's very nice. Does anyone have a really big English dictionary file though? |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
Thank you so much for your help Koko, HAS is a very interesting tool.
UPDATE: Using HAS I was able to make edits to the .htaccess file disabling mod_security. This let me upload my shell. Thanks ... |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
I've tried:
- Manage -> Files
- Plugins -> Plugin Editor
- Write -> Post -> Upload
The mod-security rule is affecting all of those. Unless someone has another idea of getting around ... |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
Sorry to keep posting but I keep getting one step further.
I think that I'm receiving these 406 errors because of some mod_security settings on the server. Does this mean that I hit a dead end? A ... |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
Koko, your English is fine.
So I realized that I have edit access to all of the plugins, so I figured I would just edit the Hello Dolly plugin since it's not activated.
I go to Plugins -> Plu ... |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
I managed to find out where in the functions.php is the allowed upload list. I was able to upload my shell, but when I try to hit it:
http://site/blog/wp-content/uploads/2007/06/shell.php
I get ... |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
Continuing on my quest to upload a shell after I used Waraze's newest Wordpress exploit to gain Wordpress admin access.
So I have write permissions on a ton of .php files.
My idea was you utiliz ... |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
| Thanks for the direction Koko. I'm going to make attempts today on all of those suggestions. |
|
|
|
| barr0w |
| |
| Replies: 29 |
| Views: 27946 |
|
|
|
|
|
|
Well if you have access to admin panel uploading shell is easy
What about uploading shell with Wordpress admin access. I've done some searching and haven't really found anything that makes me be ... |
|
|
|
| barr0w |
| |
| Replies: 52 |
| Views: 462713 |
|
|
|
|
|
|
| Yesterday I built a LAMP box with PHP/CURL just to try this exploit out. It works PERFECTLY. I just wanted to say great work and thank you. Now if I was just more skilled at md5 hacking I'd be all ... |
|
|
| Page 1 of 1 |
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
