
Tuesday, June 10, 2014

Exploit Participants Database <= 1.5.4.8 WordPress

0xParticipants Database
WordPress Participants Database 1.5.4.8 - SQL Injection

It is a popular WordPress plugin that provides the functionality needed to build and maintain a database of people.
- Vulnerability details

1. Due to insufficient privilege checks, it is possible for an anonymous (unauthenticated) user to trigger some administrative actions if any of the plugin's shortcodes is in use (for example, the signup page).

2. The "export CSV" action has a parameter named "query" that can contain an arbitrary SQL query.
This means that an unauthenticated user can execute arbitrary SQL statements (for example, create an administrator user, read or write files, or execute code, depending on the privileges of the MySQL user).
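The two flaws above are a missing privilege check and SQL taken straight from the request. The handler below is an added, illustrative hardened export (example code written for this page, not the plugin's own source); the table name, column list, nonce action and hook name are assumptions.

```php
<?php
// Illustrative hardened CSV-export handler (example code, NOT the plugin's own source).
// It closes both issues described above: the missing privilege check and the
// request-supplied SQL. Table name, column names, nonce and hook name are hypothetical.

function pdb_example_export_csv() {
    global $wpdb;

    // 1. Privilege check: an administrative action must verify the caller's
    //    capability itself, no matter which shortcode page the request came from.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // CSRF protection for the action (nonce action name is hypothetical).
    check_admin_referer( 'pdb_example_export_csv' );

    // 2. Never accept SQL from the request. Accept only a small set of known
    //    parameters and map them onto a query that is built server-side.
    $allowed_columns = array( 'id', 'first_name', 'last_name', 'email' ); // hypothetical
    $requested = isset( $_POST['columns'] ) ? (array) $_POST['columns'] : $allowed_columns;
    $columns   = array_values( array_intersect( $allowed_columns, array_map( 'sanitize_key', $requested ) ) );
    if ( empty( $columns ) ) {
        $columns = $allowed_columns;
    }

    $table = $wpdb->prefix . 'participants_database'; // hypothetical table name
    $limit = isset( $_POST['limit'] ) ? absint( $_POST['limit'] ) : 1000;
    $limit = min( $limit, 10000 );

    // Identifiers come only from the allow-list above; the single user-controlled
    // value (the row limit) goes through $wpdb->prepare() as a %d placeholder.
    $sql  = 'SELECT `' . implode( '`, `', $columns ) . '` FROM `' . $table . '` LIMIT %d';
    $rows = $wpdb->get_results( $wpdb->prepare( $sql, $limit ), ARRAY_A );

    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="participants.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, $columns );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
    exit;
}

// Registering only the admin_post_ hook (and not admin_post_nopriv_) means
// WordPress never routes unauthenticated requests to this handler at all.
add_action( 'admin_post_pdb_example_export_csv', 'pdb_example_export_csv' );
```

When reviewing a plugin for this class of bug, look for any handler that reaches $wpdb->query() or get_results() with a string assembled from $_GET/$_POST, and for admin actions reachable from a public shortcode without a current_user_can() check.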

----------------------------------------------------------------------------------------------------------------------------------
0xEXPLOIT:
http://www.exploit-db.com/exploits/33613/


0xDORK[0]:"Index of" "/wp-content/uploads/participants-database"
0xDORK[1]:inurl:"pdb-signup/" "PDB signup"
0xDORK[2]:inurl:"pdb-signup/" intitle:"PDB signup "
----------------------------------------------------------------------------------------------------------------------------------
PARTIAL RESULT: