Ukrainian Sites Url Poisoning - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1214904 漏洞类型
发布时间 2018-07-07 更新时间 2018-07-07
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018070069
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
########################
# Exploit Title : UA SITES URL POISONING
# Exploit Author : ./Mr-0mba404
# Dorks :  
# site:ua "j images jdownloads screenshots version php j"
# site:ua "wp content uploads gravity forms index php option com jdownloads"
# site:ua "plugins editors jce tiny mce plugins cfg contactform"
# site:ua "cfg contactform"
# Contact: https://goo.gl/WfYeuy
# Date: 7/6/2018
#########################

Proof od Concept:
 
Search dorks in Google,Choose a site from there
and delete everything except the domain
and just add for example "www.target.ua/Hacked"

##########################

Demo : https://wheelhunter.com.ua/Hacked-By-YourName
            http://vkolese.com.ua/Hacked-By-YourName
            http://colesa.com.ua/Hacked_By_Omba
            http://expertshin.com.ua/Hacked_By_Omba