> > > >

Thread Closed
WeBid remote exploit PHP shell
Meonkzt Offline

0 - 9
#11
04-13-2012, 11:21 PM
Mcrypt itu cuma module tambahan.
klo blom ada om bisa install mcypt ato php5-mcrypt.

..:: Visit Me ::.
 
Find

ekawithoutyou Away
just suramer
25 - 836
#12
04-13-2012, 11:34 PM
(04-13-2012, 03:03 PM)sundach40s Wrote:
(04-13-2012, 12:16 PM)zee eichel Wrote: ya itu memang tidak perlu jika tidak ada... karena kebetulan ane ada jadi ane kasi tau agar kalau bisa di edit dulu ...


ko keluar gini ya:

Code:
root@sundach40s:/home/dheanx# ; configuration for php MCrypt model extension=mcrypt.so
bash: syntax error near unexpected token `;'

jah ya error lah..... yang diedit ntu mcrypt.ini coba locate mcrypt.ini kalo gada apt-get install php5-mcrypt Tongue
Every Second, Every Minutes, Every Hours, Every Days Its Never End
 
Find

sundach40s Offline

1 - 10
#13
04-14-2012, 02:13 AM
(04-13-2012, 11:34 PM)ekawithoutyou Wrote:
(04-13-2012, 03:03 PM)sundach40s Wrote:
(04-13-2012, 12:16 PM)zee eichel Wrote: ya itu memang tidak perlu jika tidak ada... karena kebetulan ane ada jadi ane kasi tau agar kalau bisa di edit dulu ...


ko keluar gini ya:

Code:
root@sundach40s:/home/dheanx# ; configuration for php MCrypt model extension=mcrypt.so
bash: syntax error near unexpected token `;'



jah ya error lah..... yang diedit ntu mcrypt.ini coba locate mcrypt.ini kalo gada apt-get install php5-mcrypt Tongue


nih bro, SS lewat mcrypt.ini :

Spoiler! :
[Image: snapshot4.png]


Tak Pernah Lelah untuk terus Belajar


 
Find

ekawithoutyou Away
just suramer
25 - 836
#14
04-14-2012, 12:20 PM
(04-14-2012, 02:13 AM)sundach40s Wrote:
(04-13-2012, 11:34 PM)ekawithoutyou Wrote:
(04-13-2012, 03:03 PM)sundach40s Wrote:
(04-13-2012, 12:16 PM)zee eichel Wrote: ya itu memang tidak perlu jika tidak ada... karena kebetulan ane ada jadi ane kasi tau agar kalau bisa di edit dulu ...


ko keluar gini ya:

Code:
root@sundach40s:/home/dheanx# ; configuration for php MCrypt model extension=mcrypt.so
bash: syntax error near unexpected token `;'



jah ya error lah..... yang diedit ntu mcrypt.ini coba locate mcrypt.ini kalo gada apt-get install php5-mcrypt Tongue


nih bro, SS lewat mcrypt.ini :

Spoiler! :
[Image: snapshot4.png]

coba pake akses root ... om Tongue
Every Second, Every Minutes, Every Hours, Every Days Its Never End
 
Find

gnome_selpa Offline
me@gnomeselpa:~$ whoami
27 - 387
#15
05-30-2012, 02:44 PM
lah kok punya ane gini bos Big Grin

root@bt:~# php Webid.php http://mcs-1.com/webid/

+----------------------------------------------------------------------+
| WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit by EgiX |
+----------------------------------------------------------------------+

webid-shell# id

[-] Exploit failed


Quote:~ Tan Hana Wighna Tan Sirna ~
 
Website Find

betefive Offline
Share
41 - 411
#16
05-30-2012, 09:50 PM
sama ama yg di atas om,,

betefive@my-hocinx:~# php hh.php http://www.softaculous.com/demos/WeBid/

+----------------------------------------------------------------------+
| WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit by EgiX |
+----------------------------------------------------------------------+

webid-shell# id

[-] Exploit failed
betefive@my-hocinx:~# php hh.php http://www.softaculous.com/demos/WeBid/

+----------------------------------------------------------------------+
| WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit by EgiX |
+----------------------------------------------------------------------+

webid-shell# uname -a

[-] Exploit failed
betefive@my-hocinx:~#
sildenafil generique avis pas cher
 
Website Find

Al - Ayyubi Offline
Regional Division
12 - 973
#17
06-01-2012, 10:05 AM
ijin coba kaka Zee Confused
Spoiler! :
<<Back|Track
☆‍‍‍‍☆‍‍‍‍☆‍‍‍‍☆☆

 
Find

cll Offline

1 - 10
#18
06-01-2012, 08:22 PM
ini tujuannya untuk apa ya Om????
webird itu apa??? n PHP shell itu apa???

maklum Om, sy msih newbi... Smile
---->>> Request Timed Out...
 
Find

iKONspirasi Offline
Sysadmin
56 - 2,544
#19
06-01-2012, 10:47 PM
yg gagal harap dilihat timeline exploit tersebut:

Quote:[-] Disclosure timeline:

[19/06/2011] - Vulnerabilities discovered
[19/06/2011] - Vendor contacted
[20/06/2011] - Vendor contacted again
[21/06/2011] - No response from vendor
[21/06/2011] - Issue reported to http://sourceforge.net/apps/mantisbt/sim....php?id=34
[22/06/2011] - Issue reported to http://www.webidsupport.com/forums/proje...rojectid=1
[22/06/2011] - Vendor responsed and released patches: http://www.webidsupport.com/forums/showthread.php?3892
[04/07/2011] - Public disclosure

intinya hanya selang 3 hari sejak bug sqli-nya ditemukan vendornya langsung release patch.
jadi cari target yg masih belum di patch Big Grin
I'm @ikonspirasi - Facebook
Personal blog: http://ikonspirasi.net
 
Website Find

walangkaji Offline

0 - 19
#20
11-30-2012, 12:54 AM
kebanyakan udah dead om mungkin. .. Sad


webid-shell# id
[-] Exploit failed



cari terus siapa tau ada yang belum di patch Big Grin
 
Find


Thread Closed



Users browsing this thread: 1 Guest(s)