Was Passed on Pre-installation of

Learn, share, and connect around europe dataset solutions.
Post Reply
sadiksojib131
Posts: 18
Joined: Sun Dec 22, 2024 4:09 am

Was Passed on Pre-installation of

Post by sadiksojib131 »

We go to a site where exploits (vulnerabilities) are posted and look for what we are going to hack. The choice fell on a vulnerability under the WordPress CMS. The hole is in the WP 3D Twitter Wall plugin. We search in Google by url plugins3d-twitter-wall. We find a suitable site and follow the link from the search results.


Next, we add our own request proxy.php?url=file:etcpasswd to russian phone number list the site URL and get the file. How to protect your website from viruses How to protect your website from viruses But there are no passwords there, the site admin took care of that. We try to change the request proxy.php?url=file:etcshadow and get How to protect your website from viruses How to protect your website from viruses This is more interesting, there are passwords here, but only password hashes.

Image

Here - either we try to decipher the password ourselves, or we contact those who can. Usually such passwords will be deciphered for you for $3-10 on thematic sites, or maybe even for free (we still have some altruists left). That's it, in a couple of minutes we got access to passwords. The vulnerability has long been known, and the plugin developers have already released a new version, which no longer has this hole, but the site owner has simply not updated yet and uses an outdated version.


XSS attack Xss is Css => Cross Site Scripting To avoid confusion with CSS, it is also called XSS This attack is aimed at site users, including the administrator. It allows stealing cookies, and if these are the admin's "cookies", then also access to the admin panel. There are two types of attacks - passive and active.
Post Reply