Was Passed on Pre-installation of
Posted: Sun Dec 22, 2024 10:10 am
We go to a site where exploits (vulnerabilities) are posted and look for what we are going to hack. The choice fell on a vulnerability under the WordPress CMS. The hole is in the WP 3D Twitter Wall plugin. We search in Google by url plugins3d-twitter-wall. We find a suitable site and follow the link from the search results.
Next, we add our own request proxy.php?url=file:etcpasswd to the site URL and get the file. But there are no passwords there, the site admin took care of that. We try to change the request proxy.php?url=file:etcshadow and get a response. This is more interesting, there are passwords here, but only password hashes.
Here - either we try to decipher the password ourselves, or we contact those who can. Usually such passwords will be deciphered for you for $3-10 on thematic sites, or maybe even for free (we still have some altruists left). That's it, in a couple of minutes we got access to passwords. The vulnerability has long been known, and the plugin developers have already released a new version, which no longer has this hole, but the site owner has simply not updated yet and uses an outdated version.
XSS attack
XSS is CSS => Cross Site Scripting. To avoid confusion with CSS, it is also called XSS. This attack is aimed at site users, including the administrator. It allows stealing cookies, and if these are the admin's "cookies", then also access to the admin panel. There are two types of attacks - passive and active.
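A defensive check for the request pattern described in the post, added here as an example (not code from the original post or from the plugin): it scans web-server access logs for calls to a proxy.php endpoint whose url parameter uses a scheme other than http or https, including percent-encoded and upper-case variants. The log lines, the plugin directory name, the IP addresses and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); paths and IPs are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Dec/2024:10:01:11 +0000] "GET /wp-content/plugins/example-plugin/proxy.php?url=http%3A%2F%2Fapi.example.com%2Ffeed HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [22/Dec/2024:10:02:40 +0000] "GET /wp-content/plugins/example-plugin/proxy.php?url=file:etcpasswd HTTP/1.1" 200 1873 "-" "curl/8.0"
198.51.100.23 - - [22/Dec/2024:10:02:55 +0000] "GET /wp-content/plugins/example-plugin/proxy.php?url=FILE%3Aetcshadow HTTP/1.1" 200 1310 "-" "curl/8.0"
192.0.2.50 - - [22/Dec/2024:10:05:02 +0000] "GET /index.php?url=file:readme HTTP/1.1" 404 312 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target, status code
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) '
)
# A fetch-proxy endpoint has no legitimate reason to accept anything else.
ALLOWED_SCHEMES = {"http", "https"}


def suspicious_proxy_requests(log_text, script="proxy.php"):
    """Return requests to `script` whose url= value is not http(s)."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, when, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so encoded schemes are caught too.
        for value in parse_qs(parts.query).get("url", []):
            scheme = urlsplit(value.strip()).scheme.lower()
            if scheme not in ALLOWED_SCHEMES:
                findings.append({
                    "ip": ip,
                    "time": when,
                    "url": value,
                    "scheme": scheme or "(none)",
                    # HTTP 200 means the endpoint answered; treat as exposure.
                    "served": status == "200",
                })
    return findings


if __name__ == "__main__":
    for hit in suspicious_proxy_requests(SAMPLE_LOG):
        print(hit)
```

A hit with "served" set to True means the outdated plugin answered the request, so the files named in it should be treated as disclosed and the affected passwords rotated after updating.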