Menu

Ukrainian Sites Url Poisoning

July 26, 2018 - Tricks
2018.07.07
rs Mr-0mba404 (RS) rs
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: site:ua “cfg contactform”

Exploit Title : UA SITES URL POISONING
# Exploit Author : ./Mr-0mba404
# Dorks :
# site:ua “j images jdownloads screenshots version php j”
# site:ua “wp content uploads gravity forms index php option com jdownloads”
# site:ua “plugins editors jce tiny mce plugins cfg contactform”
# site:ua “cfg contactform”
# Contact: https://goo.gl/WfYeuy
# Date: 7/6/2018
#########################

Proof of Concept:

Search dorks in Google,Choose a site from there
and delete everything except the domain
and just add for example “www.target.ua/Hacked”

##########################

Demo : https://wheelhunter.com.ua/Hacked-By-YourName
http://vkolese.com.ua/Hacked-By-YourName
http://colesa.com.ua/Hacked_By_Omba
http://expertshin.com.ua/Hacked_By_Omba

References:

https://whatis.techtarget.com/definition/URL-poisoning-location-poisoning

Leave a Reply

Your email address will not be published. Required fields are marked *