This time I will share an exploit. If you don't yet know what an exploit is, please go here. Below is a collection of exploits that I use to look for website vulnerabilities.
MYBB 1.6 (admin/index.php) XSS Vulnerabilities
==============================================
MYBB 1.6 (admin/index.php) XSS Vulnerabilities
==============================================

>> Exploit database separated by exploit type (local, remote, DoS, etc.)
Site : Inj3ct0r.com
Support e-mail : submit[at]inj3ct0r.com
I’m Sid3^effects member from Inj3ct0r Team

Name : MYBB 1.6 XSS Vulnerabilities in admin/index.php
Date : August, 15 2010
Vendor Url : http://www.mybb.com/
Author : Sid3^effects aKa HaRi
Big hugs : Th3 RDX
special thanks to : r0073r (inj3ct0r.com), L0rd CruSad3r, MaYur, MA1201, KeDar, Sonic, gunslinger_, Sn!pEr.S!Te, n4pst3rr
greetz to : www.topsecure.net, trent Dillman, All ICW members and my friends luv y0 guyz
Happy Independence day to all Pakistani and Indians

###############################################################################################################

MyBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because it doesn’t validate the inputs which are passed.

Xploit: XSS Vulnerabilities

XSS Vulnerabilities are found in the following
* Add New Forum
* Create New Theme
* Smilies
* Post Icons
* custom profile

###############################################################################################################

DEMO URLs:
http://demo.opensourcecms.com/mybb/admin/index.php?module=forum-management&action=add
http://demo.opensourcecms.com/mybb/admin/index.php?module=style-themes&action=add
http://demo.opensourcecms.com/mybb/admin/index.php?module=config-smilies
http://demo.opensourcecms.com/mybb/admin/index.php?module=config-post_icons
http://demo.opensourcecms.com/mybb/admin/index.php?module=config-profile_fields

###############################################################################################################

STEP :
* Login first
* go to the options and insert the xss scripts and check the forum.

###############################################################################################################
# 0day no more
# Sid3^effects
# Inj3ct0r.com [2010-08-15]
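
The advisory attributes the flaw to admin-entered values (forum names, theme names, smilies, post icons, custom profile fields) being stored and shown on the forum without validation. The following is an added example, not part of the advisory and not MyBB's own code, showing that pattern next to a hardened form that encodes on output and checks labels on input; all function names and sample values are hypothetical.

```php
<?php
// Added illustration; function names and sample values are hypothetical, not MyBB code.

// Constructed samples of values an admin form might have stored.
$stored = [
    'forum_name'    => 'General <script>/* constructed marker */</script>',
    'profile_field' => 'City" onmouseover="/* constructed marker */',
];

// Before: the stored value is concatenated into the page unchanged,
// so any markup in it is parsed by the browser.
function render_forum_row_unsafe(string $name): string
{
    return '<td class="forum">' . $name . '</td>';
}

// After: encode at output time. ENT_QUOTES also encodes ' and ",
// which is what keeps a value confined to a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_forum_row(string $name): string
{
    return '<td class="forum">' . h($name) . '</td>';
}

function render_profile_input(string $label): string
{
    return '<input type="text" title="' . h($label) . '">';
}

// Input-side check for fields that never need markup (assumed policy:
// letters, digits, spaces and basic punctuation, at most 120 bytes).
function is_plain_label(string $value): bool
{
    return strlen($value) <= 120
        && preg_match('/^[\p{L}\p{N} _.,:()\-]+$/u', $value) === 1;
}

foreach ($stored as $field => $value) {
    printf("%-14s plain label: %s\n", $field, is_plain_label($value) ? 'yes' : 'no');
}
echo render_forum_row_unsafe($stored['forum_name']), "\n";
echo render_forum_row($stored['forum_name']), "\n";
echo render_profile_input($stored['profile_field']), "\n";
```

Output encoding is the control that holds even when a bad value is already in the database; the input check only reduces what gets stored.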
I'm only sharing one, because exploit scripts are long. Please visit some of the sites below if you want thousands of exploits.