Ukrainian Sites Url Poisoning

2018.07.07
rs Mr-0mba404 (RS) rs
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######################## # Exploit Title : UA SITES URL POISONING # Exploit Author : ./Mr-0mba404 # Dorks : # site:ua "j images jdownloads screenshots version php j" # site:ua "wp content uploads gravity forms index php option com jdownloads" # site:ua "plugins editors jce tiny mce plugins cfg contactform" # site:ua "cfg contactform" # Contact: https://goo.gl/WfYeuy # Date: 7/6/2018 ######################### Proof od Concept: Search dorks in Google,Choose a site from there and delete everything except the domain and just add for example "www.target.ua/Hacked" ########################## Demo : https://wheelhunter.com.ua/Hacked-By-YourName http://vkolese.com.ua/Hacked-By-YourName http://colesa.com.ua/Hacked_By_Omba http://expertshin.com.ua/Hacked_By_Omba

References:

https://whatis.techtarget.com/definition/URL-poisoning-location-poisoning


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top