 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Php hacking help |
 |
 Posted: Mon Nov 17, 2008 11:21 pm |
 |
|
| revenant |
| Regular user |
 |
|
| Joined: Nov 15, 2008 |
| Posts: 24 |
|
|
|
 |
|
 |
|
This site MAY be vulnerable to injection, i do not know. It uses php for a search function, but it might be homemade ( i know the admin ). I dont really want revenge, but a person I know should get credit for some stuff he did to someone I know, and he wont name them.
http://******.com/df/ |
|
|
|
|
| Posted: Tue Nov 18, 2008 2:06 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
It's based on Wordpress. And don't post sensitive information here, that includes complete links to target sites. You know about http referer? Now think about target webserver logs  |
|
|
|
|
| Posted: Tue Nov 18, 2008 3:01 am |
|
|
| revenant |
| Regular user |
|
|
| Joined: Nov 15, 2008 |
| Posts: 24 |
|
|
|
|
|
|
|
| I can't say I understand totally. Are you suggesting somehow using the HTTP referrer to inject code and get the logs? |
|
|
|
|
| Posted: Tue Nov 18, 2008 3:04 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| No, no no ... i mean, that if you keep posting working full links to this forum and people are clicking them, then target website logs will point to this same place here. This is bad, don't you think? |
|
|
|
|
| Posted: Tue Nov 18, 2008 3:04 am |
|
|
| revenant |
| Regular user |
|
|
| Joined: Nov 15, 2008 |
| Posts: 24 |
|
|
|
|
|
|
|
| First things first, I need to identify the version of wordpress used. Will the changelog be somewhere ina /wp-something/ directory? |
|
|
|
|
| Posted: Tue Nov 18, 2008 3:08 am |
|
|
| revenant |
| Regular user |
|
|
| Joined: Nov 15, 2008 |
| Posts: 24 |
|
|
|
|
|
|
|
Ok, i foudn a site with an open filesystem so i can get my bearings. It has:
wp-content
wp-admin
wp-includes
but i cant find any kind of changelog. |
|
|
|
|
| Posted: Tue Nov 18, 2008 7:25 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Look at bottom of the source page or
victim.com/path/wp-rss.php ---> look at source.Something like
"Wordpress generator ---> blabla" |
|
|
|
|
| Posted: Tue Nov 18, 2008 11:11 pm |
|
|
| revenant |
| Regular user |
|
|
| Joined: Nov 15, 2008 |
| Posts: 24 |
|
|
|
|
|
|
|
| pexli wrote: | Look at bottom of the source page or
victim.com/path/wp-rss.php ---> look at source.Something like
"Wordpress generator ---> blabla" |
According to my copy of wordpress, wp-rss is deprecated, and it doesnt have that generator thing either. |
|
|
|
|
| Posted: Tue Nov 18, 2008 11:44 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 44
Members: 0
Total: 44
